Firewall Wizards mailing list archives

Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name


From: Crispin Cowan <crispin () wirex com>
Date: Sat, 17 Aug 2002 17:53:44 -0700

Ofir Arkin wrote:

Hogwash is cool, do not forget it is open source and developed on the
spare time of Jed. At the end of the day it works well and provides
exactly what Jed tells you it provides.

As I said when I posted my rant, I'm not criticizing Hogwash per se. I think Hogwash is *very* cool. I just think it is a mistake to label it anything other than a kind of firewall (I suggest "signature firewall").

Of course, Hogwash is a lot less guilty of using funky labels to avoid direct comparisons to firewalls than the commercial signature firewall vendors. Jed does it in his spare time, and the commercial vendors stand to earn $ if they can sell stuff, and avoiding comparisons to Checkpoint|Raptor|Whale AirGap|pick-your-favorite-funky-firewall, that may help.

I'm just trying to consistently call a spade a spade. Inline IDS is a kind of firewall. Once that is understood, we can discuss the competitive merits, and the benefits of composing various kinds of firewalls in series. Say, there's an interesting thought:

   * NIDS compose in parallel:
         o clamp as many different NIDS onto your network as you can
           afford to monitor
         o more NIDS don't slow down your traffic at all
         o parallel NIDS can check for more/different kinds of
           intrusions in parallel, providing scaling
   * firewalls (including in-line IDS) compose in series
         o put as many in as you like, so long as *none* of them block
           your legitimate traffic
         o adding more firewalls increases latency, and throughput is
           limited to the throughput of your slowest device
         o serial firewalls can also scale to provide checking for
           more/different kinds of attacks, at the expense of the above
           latency and throughput issues

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
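The series-versus-parallel composition rules in the post above, worked as a small model. This is an added example, not code from the original post or from Hogwash; the device names, latency, throughput, coverage labels and legitimate-traffic block rates are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    """One inspection device; every figure is constructed for illustration."""
    name: str
    latency_ms: float              # delay added to each packet when placed inline
    throughput_mbps: float         # highest rate the device sustains without dropping
    catches: frozenset             # attack classes it can detect (labels are made up)
    legit_block_rate: float = 0.0  # fraction of legitimate flows it wrongly blocks


def compose_series(devices):
    """Firewalls (including in-line IDS) in series: every packet crosses all of them."""
    legit_pass = 1.0
    for d in devices:
        # a legitimate flow survives the chain only if no device in it blocks that flow
        legit_pass *= 1.0 - d.legit_block_rate
    return {
        "added_latency_ms": sum(d.latency_ms for d in devices),       # latencies add up
        "throughput_mbps": min(d.throughput_mbps for d in devices),   # slowest device wins
        "coverage": frozenset().union(*(d.catches for d in devices)),  # checks accumulate
        "legit_pass_rate": legit_pass,
    }


def compose_parallel(sensors):
    """Passive NIDS in parallel (taps / span ports): traffic is copied, never delayed."""
    return {
        "added_latency_ms": 0.0,   # nothing sits in the forwarding path
        "throughput_mbps": None,   # no inline cap; a slow sensor only limits what it sees
        "coverage": frozenset().union(*(s.catches for s in sensors)),
        "legit_pass_rate": 1.0,    # sensors alert, they do not drop legitimate flows
    }


# constructed sample devices (hypothetical figures)
PACKET_FILTER = Device("packet filter", 0.1, 1000.0, frozenset({"port-scan"}))
SIGNATURE_FW = Device("signature firewall", 2.0, 400.0,
                      frozenset({"overflow-sig", "cgi-probe"}), 0.01)
APP_PROXY = Device("application proxy", 5.0, 200.0,
                   frozenset({"protocol-violation"}), 0.02)

if __name__ == "__main__":
    devices = [PACKET_FILTER, SIGNATURE_FW, APP_PROXY]
    print("series  :", compose_series(devices))
    print("parallel:", compose_parallel(devices))
```

Note how the series chain's legitimate pass rate is the product of each device's pass rate: two devices that each block 1-2% of good traffic already drop about 3% of it together, which is the quantitative form of "so long as none of them block your legitimate traffic".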

