RE: Intrusion Prevention Firewall

["R. DuFresne" <dufresne () sysinfo com>]

On Mon, 15 Apr 2002, Dave Piscitello wrote:

> But this isn't something *new*. Several firewalls do exactly this
> My WGRD Firebox temporarily blocks hosts according to a DOS
> and attack signature library, and my Rapidstream
> can detect basic DOS attacks and tries to mitigate the effects by
> discarding traffic. I'm pretty certain if I turn on my SonicWall, it has
> some feature like this.


doesn't this "attack signature library" put the firewall into the
DIS/virus scanner category though?  Meaning this library has to be
maintained and updated regularly to be most effective, and the rules it
plays upon has to be regularly maintained to make sure it's not
over-reacting to signatures it detects from address space you need to
reach out and deal with, like corporate partners, vendor sites and what
not?  This can be an administrative nightmare and requiring lots of
documentation in case you're not there when updates and changes are
required can't it?

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards