Firewall Wizards mailing list archives

Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name


From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 12 Aug 2002 17:09:01 -0600 (MDT)

So, if I may summarize your question: "Don't buzzwords suck, and isn't
this a firewall"?  To which I respond: define firewall.

From what I understand about Barnyard (and that I assume others do as
well) is that it will "normalize" packets to some degree, use IDS-style
rules, and add blocking.  One could easily argue that firewalls should
have been able to do the packet normalization and much more granular rules
for years.  I'm aware of very few that do.  Most people can only point to
a box of parts or manuals and CDs, and call that a "firewall".  Based on
what those do, and what Barnyard does, they are not quite the same beast.
If you want to use the broad, conceptual definition of "firewall", then
they are firewalls.

Network switches are nothing but bridges, but the two different words serve
to inform the consumer that each product does something a little
different.

I think a more interesting question is: if GIDS is the new "firewall",
then why did firewalls running on top end PCs max at 100mbps or so with
just a few dozen rules and terribly simple filtering capabilities... while
a GIDS with much more interesting filtering capabilities and a few
thousand rules can also do the same?  Did PCs just get that much faster?

(I think part of the answer has to do with the fact that IDSs are much
less concerned with various groups of IP addresses, like inside, outside,
DMZ, web_servers, etc...)

                                                Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
