Firewall Wizards mailing list archives
RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: Crispin Harris <Harris_C () DeMorgan com au>
Date: Thu, 15 Aug 2002 10:21:34 +1000
-----Original Message-----
From: Mikael Olsson [mailto:mikael.olsson () clavister com]

"Marcus J. Ranum" wrote:

    input:
    if we've been told to encrypt it to someplace else {
    [...]
    if it's permitted {
    [...]
    if it's denied {
    [...]

Wait, let me summarize that for you:

    while(manageable_and_secure(code_complexity)) {
        add_more_code();
    }
    add_more_code();
    add_more_code();
    add_more_code();
    release^Wescape(leaving_bloody_trail_of_designers_and_qa_people);

;)
On the contrary, this flow allows a significant amount of logical and/or physical separation. Using this model, it is very easy to separate VPN processing, Packet ACLs, and Honeypot functions (separation of IDS is slightly more difficult, but can be achieved as well....)

Poorly implemented, this model would allow for megalithic, bloated code, with far too much occurring on one system. This would also lead to performance issues. :-(

Regards,
Crispin Harris
Senior Security Consultant (Sydney)
DeMorgan Information Security Systems
Toll Free: 1800-DEMORG (33 66 74)
Office: 02-9929-0377
Fax: 02-9499 4885