Firewall Wizards mailing list archives

Re: NAI Gauntlet "Best of Show Award" The Real Deal


From: "Paul D. Robertson" <proberts () clark net>
Date: Thu, 12 Nov 1998 11:17:25 -0500 (EST)

On Thu, 12 Nov 1998, Frederick M Avolio wrote:

the network layer.  And if given a choice, I think a higher level of
security is achieved for the session (in this scenario) by forcing the
packets up and down the stack at the firewall.

I understand. I don't think you achieve more security. If anything, for
such services, it is neutral. So, I think the adaptive proxy, if it works
as described, is a significant addition to the arsenal.

I'm not sure.  It would depend on the implementation, but if the packets 
are passed, not plugged, then there's a question about transport and 
internetwork layer data and malformed packets, as well as fragments.  If 
this is the case, then it'd be less security, not neutral.  If you're 
stuck with flags, sequence numbers, RSTs and window negotiations, then I'm 
not sure at what point your security equals going all the way up the stack and
out the back, but it's a difference to ponder... 

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


