Firewall Wizards mailing list archives

Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name


From: Barney Wolff <barney () tp databus com>
Date: Mon, 12 Aug 2002 19:53:15 -0400

On Mon, Aug 12, 2002 at 05:09:01PM -0600, Ryan Russell wrote:

I think a more interesting question is: if GIDS is the new "firewall",
then why did firewalls running on top end PCs max at 100mbps or so with
just a few dozen rules and terribly simple filtering capabilities... while
a GIDS with much more interesting filtering capabilities and a few
thousand rules can also do the same?  Did PCs just get that much faster?

(I think part of the answer has to do with the fact that IDS' are much
less concerned with various groups of IP addresses, like inside, outside,
DMZ, web_servers, etc...)

I think it has to do with cultural acceptability.  A firewall that
failed open would be laughed off the market, but an IDS is allowed
to miss some attacks, and if your IDS ignores some packets because
its queues have overflowed, you'll never know.

-- 
Barney Wolff
I'm available by contract or FT:  http://www.databus.com/bwresume.pdf
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
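The silent-drop point Barney makes above, as an added example that is not part of the thread: a small monitor that differences a sensor's cumulative capture counters per interval and raises an alert whenever packets were discarded before inspection, so an overflowed queue stops being invisible. The counter layout and sample values are constructed (modelled loosely on the received/dropped pair a capture library such as libpcap reports), not taken from any real sensor.

```python
"""Make IDS packet loss visible from capture counters (constructed example)."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class CounterSnapshot:
    ts: int         # seconds since sensor start (constructed)
    received: int   # cumulative packets delivered to the analyzer
    dropped: int    # cumulative packets discarded before analysis (queue full)


@dataclass(frozen=True)
class DropAlert:
    start: int       # interval start timestamp
    end: int         # interval end timestamp
    drop_ratio: float  # dropped / (received + dropped) within the interval


def drop_alerts(snaps: List[CounterSnapshot], max_ratio: float = 0.01) -> List[DropAlert]:
    """Return one alert per interval whose drop ratio exceeds max_ratio.

    Counters are cumulative, so consecutive snapshots are differenced.
    A counter that goes backwards means the sensor restarted or the
    counter wrapped; that interval is skipped rather than reported as
    a negative or bogus ratio.
    """
    alerts: List[DropAlert] = []
    for prev, cur in zip(snaps, snaps[1:]):
        d_recv = cur.received - prev.received
        d_drop = cur.dropped - prev.dropped
        if d_recv < 0 or d_drop < 0:
            continue  # restart/wrap: no trustworthy baseline for this interval
        total = d_recv + d_drop
        if total == 0:
            continue  # idle interval: nothing arrived, nothing could be lost
        ratio = d_drop / total
        if ratio > max_ratio:
            alerts.append(DropAlert(prev.ts, cur.ts, ratio))
    return alerts


# Constructed snapshots: steady 10k pps, one overflow burst at 120-180s,
# a sensor restart at 300s, then a small drop that stays under 1%.
SAMPLE = [
    CounterSnapshot(0, 0, 0),
    CounterSnapshot(60, 600_000, 0),
    CounterSnapshot(120, 1_500_000, 0),
    CounterSnapshot(180, 2_100_000, 45_000),
    CounterSnapshot(240, 2_700_000, 45_000),
    CounterSnapshot(300, 100_000, 0),
    CounterSnapshot(360, 700_000, 3_000),
]

if __name__ == "__main__":
    for a in drop_alerts(SAMPLE):
        print(f"{a.start}-{a.end}s: {a.drop_ratio:.2%} of packets never inspected")
```

Feeding the real counters from a sensor into `drop_alerts` on a schedule turns "you'll never know" into a monitored condition with a threshold you choose.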