Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Aaron Bawcom <aaron () bawcom net>
Date: Sun, 15 Feb 1998 01:26:29 -0800
Marcus J. Ranum wrote:
One other big win that Darren Reed identified at Usenix was that a proxy IDS can't drop packets. You can't overload it and sneak packets past that way. If the IDS can't read the packet, it doesn't get proxied.

Now *THAT* sounds like the mythical Next Breakthrough in firewalls.
When considering possible solutions to questions derived from the Secure Networks report, the ability to 'not miss' information that would otherwise be available, such as packets traversing the network, seems to be a prerequisite. Indeed, it seems that the NGF will as well operate at the choke point of a network but will differ from current firewalls in that it will simply 'look at more'. The industry will exist in the space of 'how much' and 'in what way'. However, the granularity afforded to such a solution is still not within the bounds necessary to offer the accuracy suggested by the Secure Networks report.

It seems that a security solution that has such facilities will break a mantra used by the security community for quite some time: the idea that security is an added feature, an extra bullet on the box, an extra process in memory, another machine on the network. Even the most lax form of security in the analog world is so innate to the way we live and work that we underestimate its practicality. The fact is, we take for granted our built-in tools of sight and sound to let us know that the door to Johnny's room is cracked when it usually isn't. Only when the concept of 'policy' or 'trust' can be divided to the level of a basic building block of the functioning system will we be able to maximize information sharing. This idea was aptly portrayed by Chevy Chase in the movie classic "Caddy Shack" when he said, "Don't hit the ball. Be......be.....the ball"

aaron () bawcom net
No affiliation with Bawcom Communications
Attachment: smime.p7s (S/MIME Cryptographic Signature)
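The property quoted above (a passive sniffer fails open under overload, an inline proxy fails closed because an uninspected packet is never forwarded) can be seen in a small constructed simulation. This is an added illustration written for this archive page, not code from any of the posters; the traffic, the one-marker "signature" (BAD_MARKER), the capture-buffer size and the inspection rate are all assumptions chosen to make the overload visible.

```python
"""
Constructed model of a passive IDS versus an inline proxy IDS under overload.
Added illustration; not code from the original post or from any product.
"""
from collections import deque
from dataclasses import dataclass, field

# Hypothetical signature: any payload carrying this marker is "bad".
# Real IDS matching is far more involved; one substring is enough here.
BAD_MARKER = b"ATTACK"


def looks_malicious(payload: bytes) -> bool:
    return BAD_MARKER in payload


@dataclass
class Result:
    delivered: list = field(default_factory=list)  # payloads that reached the target
    alerts: int = 0    # payloads the inspector flagged
    dropped: int = 0   # payloads the inspector never saw (passive design only)


def passive_ids(packets, capture_capacity: int, inspect_every: int) -> Result:
    """Sniffer beside the wire.

    The wire forwards every packet whether or not the IDS has looked at it.
    The IDS receives a copy through a bounded capture buffer and inspects one
    packet for every `inspect_every` arrivals; when traffic arrives faster
    than that, the buffer fills and further copies are silently lost.
    """
    r = Result()
    buf = deque()
    for i, pkt in enumerate(packets):
        r.delivered.append(pkt)                 # the wire never waits for the IDS
        if len(buf) < capture_capacity:
            buf.append(pkt)
        else:
            r.dropped += 1                      # overload: copy lost, never inspected
        if (i + 1) % inspect_every == 0 and buf:
            if looks_malicious(buf.popleft()):
                r.alerts += 1
    while buf:                                  # drain after the burst ends
        if looks_malicious(buf.popleft()):
            r.alerts += 1
    return r


def proxy_ids(packets) -> Result:
    """Inline proxy.

    Nothing reaches the target until it has been inspected. Overload slows
    the proxy down (back-pressure on the sender) but cannot skip a packet:
    a packet that was not inspected is simply not forwarded.
    """
    r = Result()
    for pkt in packets:
        if looks_malicious(pkt):
            r.alerts += 1
            continue                            # flagged payload is not forwarded
        r.delivered.append(pkt)
    return r


def make_stream(n_benign: int, n_bad: int) -> list:
    """Constructed traffic: a burst of benign requests with bad ones spread through it."""
    pkts = [b"GET /index.html" for _ in range(n_benign)]
    for i in range(n_bad):
        pkts.insert((i + 1) * n_benign // (n_bad + 1), b"GET /cgi-bin/ATTACK")
    return pkts


if __name__ == "__main__":
    stream = make_stream(20, 2)
    p = passive_ids(stream, capture_capacity=4, inspect_every=2)
    q = proxy_ids(stream)
    print("passive: delivered=%d alerts=%d dropped=%d bad_delivered=%d" % (
        len(p.delivered), p.alerts, p.dropped,
        sum(looks_malicious(x) for x in p.delivered)))
    print("proxy:   delivered=%d alerts=%d dropped=%d bad_delivered=%d" % (
        len(q.delivered), q.alerts, q.dropped,
        sum(looks_malicious(x) for x in q.delivered)))
```

With these parameters the passive design delivers all 22 packets, including both bad ones, and raises only one alert, because the second bad packet arrives while the capture buffer is full and is dropped before inspection. The proxy raises two alerts and forwards 20. The flip side, which the thread does not dwell on, is that the same fail-closed behaviour makes an overloaded proxy a denial-of-service point rather than a blind spot; the attacker's choice is between sneaking past a sniffer and stalling a proxy.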
Current thread:
- Important Comments re: INtrusion Detection tqbf (Feb 13)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Craig Brozefsky (Feb 14)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 14)
- Re: Important Comments re: INtrusion Detection Craig Brozefsky (Feb 14)
- Re: Important Comments re: INtrusion Detection Marcus J. Ranum (Feb 14)
- Re: Important Comments re: INtrusion Detection Aaron Bawcom (Feb 15)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Craig Brozefsky (Feb 14)
- Re: Important Comments re: INtrusion Detection Bret Watson (Feb 14)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Rick Morrow (Feb 15)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Paul M. Cardon (Feb 16)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Adam Shostack (Feb 18)
- Re: Important Comments re: INtrusion Detection Paul M. Cardon (Feb 18)