Firewall Wizards mailing list archives
Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: Crispin Cowan <crispin () wirex com>
Date: Mon, 12 Aug 2002 23:54:13 -0700
M. Dodge Mumford wrote:
> On Mon, 12 Aug 2002, Crispin Cowan wrote:
>> Is anyone besides me sick to death of hearing about "intrusion prevention" and "gateway intrusion detection" technologies?
>
> Occasionally I grow weary of many labels, whether they're applied to security devices, styles of painting, or music. Then I remember that people who aren't experts at things need to put like things together.

Hence my complaint. Things that are really signature firewalls are being marketed as "inline-IDS" or "intrusion prevention", making it relatively difficult for consumers to notice that they're really buying a different kind of firewall.

> When they realize they need or want a thing, they look at the different options available. Creating new categories (or market segments) can help new technologies get off the ground. Sure it creates confusion at first, but in that confusion you can get your foot in the door and make your product better.

That's one possibility, but I don't often see technical improvement coming out of market confusion. Rather the converse; the confusion is used to avoid critical comparisons, leading to weaker products getting away with stuff because they are not compared to their true competitors. This applies both ways between signature firewalls and classical firewalls.

> As far as I can tell, the main reason most firewalls haven't advanced particularly is because a very narrow definition of what a firewall must be has been commonly accepted. It appears the definition of what a firewall must be is something along the lines of "A gateway that filters network traffic based on static rules about which hosts may communicate using specific protocols and specific ports". If that is accepted as a definition for a firewall,

It is not accepted: it overtly excludes all of the firewalls built prior to approximately 1993 (others would know better than I when packet filtering was introduced to the firewall business).

> I find it surprising that there aren't (more? any?) gateway devices that will defragment traffic, create new TCP ISN's (preferably using an onboard random number generator), check TCP sequences, implement "firewall-like rules" <cough>, and make it easy to do higher-level blocking. Higher-level to me means things like blocking specific websites and stripping unknown tags from HTML; blocking email messages that are known spam or contain MS executables; making sure that idle SSH sessions timeout; unmangling DNS requests before resending them.

/me confused. I thought there were tons of such firewalls. Some are marketed as application proxy firewalls, while others are marketed as "content filters" (another way to say "firewall").

> Attacks are happening at (nearly) all the layers and firewalls appear to be happily ignoring them. That's what is letting these "new technologies" happen.

Only if you synthetically define "firewalls" to be a subset of firewalls :)

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
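One of the "higher-level blocking" functions Dodge lists, stripping unknown tags from HTML, written as a default-deny content filter in the same spirit as a firewall ruleset. This is an added example, not code from the thread or from WireX; the tag/attribute allowlist, the safe-scheme list and the sample document are all constructed for it.

```python
from html.parser import HTMLParser
import html
# Default-deny allowlist (constructed for this example): anything not listed is stripped.
ALLOWED_TAGS = {"p", "b", "i", "a", "ul", "li"}
ALLOWED_ATTRS = {"a": {"href"}}
DROP_CONTENT = {"script", "style"}            # strip the tag AND its body
SAFE_SCHEMES = ("http:", "https:", "mailto:")

def attr_ok(tag, name, value):
    # allowlist by attribute name, plus a scheme check on href values
    if name not in ALLOWED_ATTRS.get(tag, set()):
        return False
    if name == "href":
        v = (value or "").strip().lower()
        return v.startswith(SAFE_SCHEMES) or v.startswith("/")
    return True

class TagStripper(HTMLParser):
    def __init__(self):
        super().__init__()                        # convert_charrefs=True: text is decoded
        self.out, self.dropped, self._suppress = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._suppress += 1
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)              # tag removed, inner text kept
            return
        kept = "".join(f' {k}="{html.escape(v or "")}"'
                       for k, v in attrs if attr_ok(tag, k, v))
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self._suppress:
            self._suppress -= 1
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self._suppress:                    # <script>/<style> bodies are dropped
            self.out.append(html.escape(data, quote=False))  # re-encode decoded text

def filter_html(raw):
    # returns (filtered_html, names of stripped tags) so drops can be logged
    p = TagStripper()
    p.feed(raw)
    p.close()
    return "".join(p.out), p.dropped

# Constructed sample: event handler, script block, javascript: link, obsolete tag.
SAMPLE = ('<p onclick="x()">Hi <b>there</b> <script>alert(1)</script>'
          '<a href="javascript:evil()">x</a><a href="https://example.org/">ok</a>'
          '<blink>old</blink> &amp; done</p>')
```

Note that an allowlist on attribute names alone is not enough: the `href` value check is what removes the `javascript:` link while keeping the `https:` one.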