Firewall Wizards mailing list archives

FW: Intrusion Prevention Firewall


From: "franks" <franks () nfr com>
Date: Sun, 17 Mar 2002 08:47:58 -0800



-----Original Message-----
From: franks [mailto:franks () nfr com] 
Sent: Sunday, March 17, 2002 8:47 AM
To: 'Stiennon,Richard'
Subject: RE: [fw-wiz] Intrusion Prevention Firewall


Gary, don't get your hopes up with any product on the market right now.
Unfortunately, many vendors may make claims about NIDS/Prevention devices,
but the question arises: how does it make its decision about what GOOD
and BAD traffic is? For instance, onesecure has this great FLASHY product
that neglects to inform its user that Anomaly detection is VERY fuzzy, and
normal traffic is never NORMAL! This leads to IDSs acting like firewalls
that can run rampant on your network acting like a firewall!

IMHO IDS is young, and not capable of smart responsive behavior.
Odds are that if you implement any solution to REACT, it will react in
ways you never imagined. This is a sure-fire way to get Management's
attention.

For now security professionals have to accept the thought that Firewalls
are border protection devices (kind of), and IDS is the ugly stepchild
that no one ever pays attention to until something happens.

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com] On Behalf Of Stiennon,Richard
Sent: Saturday, March 16, 2002 2:42 PM
To: 'Gary Flynn'; 'firewall-wizards () nfr com'
Subject: RE: [fw-wiz] Intrusion Prevention Firewall


Check out OneSecure's recently announced inline NIDS/Prevention device.
This is exactly what it does. Note CTO, Nir Zuk of FW-1 and VPN-1 fame.
http://www.onesecure.com/products.html
-Richard

-----Original Message-----
From: Gary Flynn [mailto:flynngn () jmu edu]
Sent: Friday, March 15, 2002 4:25 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Intrusion Prevention Firewall



Hi,

I'm looking for a cross between an NIDS and a
firewall.

Are there network "IDS" products out there that take action 
to prevent an attack from succeeding other than to:

1) Notify someone to manually deal with it
2) Do a TCP RST on the session
3) Put a router filter in to block the offending IP

I'm looking for something like an application level firewall controlled
by a NIDS engine that would drop offending traffic at the ingress point.
Something like Hogwash but in a mainstream product capable of being put
on a high-speed production Internet feed.

( http://hogwash.sourceforge.net/ )

Does such a thing exist?

thanks,
-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
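As an added illustration (not code from this thread or from any vendor named in it), the toy Python simulation below replays a constructed packet stream through the response modes Gary lists and the inline drop he asks about, and counts how much legitimate traffic each mode sacrifices when a rule misfires, which is the failure franks warns about. The Packet and Engine classes, the two signature strings and all addresses are constructed for the example; TCP RST is left out, since on a single-packet attack it behaves like alert.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str
    payload: str
    legit: bool  # ground truth, used only to score the outcome

@dataclass
class Engine:
    mode: str  # "alert" | "block_ip" | "inline_drop"
    signatures: tuple = ("/etc/passwd", "cmd.exe")  # constructed toy rules
    blocked_ips: set = field(default_factory=set)

    def matches(self, pkt):
        return any(sig in pkt.payload for sig in self.signatures)

    def handle(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        if pkt.src in self.blocked_ips:
            return False  # a router filter already blocks this source
        if not self.matches(pkt):
            return True
        if self.mode == "alert":
            return True  # notify someone; the offending traffic still passes
        if self.mode == "block_ip":
            self.blocked_ips.add(pkt.src)  # everything from src dies from now on
        return False  # block_ip and inline_drop both discard this packet

def run(mode, stream):
    # Replay the stream through one engine and count both failure modes.
    eng = Engine(mode)
    stats = {"attacks_passed": 0, "legit_dropped": 0}
    for pkt in stream:
        forwarded = eng.handle(pkt)
        if forwarded and not pkt.legit:
            stats["attacks_passed"] += 1
        elif not forwarded and pkt.legit:
            stats["legit_dropped"] += 1
    return stats

# Constructed traffic: a shared NAT address sends one attack and then normal
# requests; a second user types "cmd.exe" into a help-desk ticket (false positive).
STREAM = [
    Packet("10.0.0.5", "GET /../../etc/passwd", legit=False),
    Packet("10.0.0.5", "GET /index.html", legit=True),
    Packet("10.0.0.5", "GET /about.html", legit=True),
    Packet("10.0.0.9", "POST ticket: my cmd.exe crashes", legit=True),
    Packet("10.0.0.9", "GET /ticket/42", legit=True),
]
RESULTS = {m: run(m, STREAM) for m in ("alert", "block_ip", "inline_drop")}
```

Blocking the source address stops the attack but also cuts off every legitimate request behind the shared address, while the inline drop discards only the packets the rule fires on, so the false positive costs one request instead of a whole host.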