Firewall Wizards mailing list archives
Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: Crispin Cowan <crispin () wirex com>
Date: Mon, 12 Aug 2002 23:54:05 -0700
Stiennon, Richard wrote:

> All well and good Crispin. I agree that devices such as OneSecure's or Intruvert's do provide gateway security therefore could be called firewalls. However they have NO ability to apply a security policy based on connections. I can't ask one of these devices to enforce:
>
> From IP address to IP address using FTP, ALLOW.
>
> They also are not configured with multiple ports to provide for standard zoning.

So they are firewalls with critical features missing, and thus need to be composed with more classical firewalls. This kind of comparison might help consumers decide what they need to buy, and might help product vendors discover that their signature firewalls are missing a feature or two.

> These inline-inspection and action engines are doing something all firewalls cannot: Re-assembling packets into sessions and comparing to extensive list of signatures and dropping sessions.

That's just a new way of doing network access control. It's still firewall work.

> It may be that signature, protocol, and behavior based blocking will someday be in the firewall but they are not there today. Since these products are targeted at replacing IDS devices, not firewalls,

"Targeted"? In what sense? NIDS can be deployed configured to be highly sensitive, with analysts reading the output to decide what to really care about. Signature firewalls had better not be deployed that way, or a lot of legitimate traffic will get blocked.

> it makes sense to call them something like Intrusion Prevention devices rather than Layer7-8 firewalls or something else.

I submit that it does not make sense to do that. Rather, it confounds the market and makes comparisons difficult for product consumers.
Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX                  http://wirex.com/~crispin/
Security Hardened Linux Distribution:   http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
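A toy model of the two capabilities the thread contrasts, added here as an example (it is not code from the list or from any vendor product): a connection rule of the form "From IP address to IP address using FTP, ALLOW" beside session reassembly with signature matching. The addresses, rule set, signature and TCP segments are constructed, and the reassembly buffer ignores overlapping retransmissions, a gap a real inline engine must close.

```python
# Constructed sample: a connection-policy check next to a session-reassembly
# signature check, to show why the two are different jobs.
from dataclasses import dataclass, field

PORTS = {"FTP": 21, "HTTP": 80}  # protocol names used in policy rules (sample)


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    action: str  # "ALLOW" or "DENY"


def policy_decision(rules, src, dst, dport):
    """Classic firewall check: first matching connection rule wins, default DENY."""
    for r in rules:
        if r.src == src and r.dst == dst and PORTS[r.proto] == dport:
            return r.action
    return "DENY"


@dataclass
class Session:
    """Per-flow TCP reassembly buffer keyed by sequence number.
    Overlapping or duplicate segments are not reconciled here."""
    segments: dict = field(default_factory=dict)

    def add(self, seq, payload):
        self.segments[seq] = payload

    def stream(self):
        # Segments may arrive out of order; sort by sequence number before joining.
        return b"".join(self.segments[s] for s in sorted(self.segments))


def inspect_session(session, signatures):
    """Signature engine: match against the reassembled stream, not single packets."""
    data = session.stream()
    return sorted(name for name, pat in signatures.items() if pat in data)


def packet_only_hits(session, signatures):
    """What a per-packet matcher sees: patterns split across segments are missed."""
    return sorted({n for seg in session.segments.values()
                   for n, pat in signatures.items() if pat in seg})
```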