Firewall Wizards mailing list archives

RE: GXD vs. SPF


From: "Stout, Bill" <StoutB () pios com>
Date: Mon, 28 Sep 1998 14:32:45 -0400

----- Original Message -----
<snip>
It is reminiscent of when HTTP first came and people had trouble with it
because firewalls didn't support it. CERN came out with a "proxy". Well,
all it did was allow HTTP traffic to pass from the inside to outside and
back. There were no security features (and it was tens of thousands of
lines of code). 

Of course, some services have no useful features that would make a real
application gateway beneficial.  When you see that a proxy is offered for a
service but that all it is doing is, well, being a proxy, (like the plug-gw
in the FWTK) the same service could be done as securely and faster with a
SPF.

Fred
<snip>

That's what I'm interested in.  

With GXD and SPF, no attention is paid to application commands passed
through (I'd be most interested to see what various vendor proxies do add,
BTW).  

Does the SPF function add (to session state monitoring) anything that
natural TCP session states don't?  I thought SPF did unless marketing
technical material, and earlier posts about SPF discussed enhancements to
the SPF function such as programmatically added (data field pattern matching)
filters.  The capability for enhancement could be argued as a natural
feature of an architecture.  That would explain the SPF/AG arguments.

If SPF is only equivalent to (not better than) TCP session state tracking,
then SPF belongs in an AG firewall to add session state to UDP generic
proxies.

The SPF vs. AG firewall argument is similar to NT vs. UNIX security; in
UNIX you turn things on until you're comfortable, and in NT you turn things
off or patch until you're comfortable.

Bill Stout





______________________________________________________________________
Another dangerous sig.   (Global HERF beams)
Navy's innocent HAARP site: http://www.haarp.alaska.edu/ 
Probable associated Patent:
http://www.patents.ibm.com/details?patent_number=4686605 
"...in Alaska, the right type of fuel...the right magnetic latitudes for the
most efficient practice of this invention" 
"...ability to employ and transmit over very wide areas of the earth a
plurality of electromagnetic waves...provides a unique ability to interfere
with all modes of communications; land, sea, and/or air, at the same
time...missile or aircraft destruction, deflection, or confusion...Weather
modification is possible..."
"...carry out a communications network even though the rest of the world's
communications are disrupted...."



