Firewall Wizards mailing list archives
RE: stealth firewalls
From: "Don Flanagan" <dflanagan () bytex com>
Date: Fri, 18 Jan 2002 14:33:35 -0600
Hardware-based security devices are better able to keep pace with increasing bandwidth. The current Bytex firewall, for example, is a "stealth" or "bump-in-the-wire" hardware device. Our next-generation product can also be a stealth device, or it can combine packet filtering with one or more complementary applications (e.g., VPN, intrusion detection, network monitoring) that require IP addressability.

The crucial point for us is that all of the functions be performed on the same board--with high-speed customized media interfaces, specialized network processors, an embedded OS, and optimized firmware (whether it is tricky or not I will leave to others to decide). This is in contrast to appliances that use standard NICs, a generic processor and OS, and custom application software riding on top. They are cheaper, but they don't deliver the performance needed in gigabit environments.

Don Flanagan
Bytex Corp.
www.bytex.com

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com]On Behalf Of ark () eltex ru
Sent: Thursday, January 17, 2002 4:08 PM
To: Nate Campi
Cc: Irwin Lazar; 'firewall-wizards () nfr com'
Subject: Re: [fw-wiz] stealth firewalls

The word "firewall" becomes somehow confusing when used in this context. Actually there are two different tasks and two different classes of devices that have some similarities but the approach and implementation is completely different:

- "firewalls" that implement simple filtering and basic DoS protection for large networks and big servers. Those are usually hardware-accelerated devices that have tricky optimized firmware inside. The main goal is performance. You place those just behind your border router.

- "firewalls" that implement in-depth data inspection, authentication and access control. General-purpose Unix with some modifications and application software fits the best. Those are not fast but smart - they are designed this way.
If you say "i have n*K workstations and my firewall cannot handle the load" it probably means you have done everything wrong. There should NOT be such a number of workstations homogenous from security viewpoint. You probably need more firewalls each protecting its own department network.

Let's not mix the two. (i did not mention VPN devices often called firewalls too ;)

YOU (Nate Campi) WROTE:
Most firewalls hosted on general-purpose UNIX hosts can't handle the large amounts of traffic that many of us would need to throw at it. Recently my work needed syn-flood protection for a network where outgoing traffic filled the two 100mbit uplinks, and only dedicated devices could fill this niche. The one they use uses the same approach, essentially bridging the traffic.
--
CU in Hell /Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards