Firewall Wizards mailing list archives

RE: Layer 3-7 Firewall.


From: "George J. Jahchan" <Firewall-Wizards () Compucenter org>
Date: Thu, 20 Mar 2003 13:15:29 +0200

Many thanks to all respondents.

I have had a look at TippingPoint; they seem to match our needs.
Unfortunately, they currently do not sell outside the US. Plus, it is
unclear how new (as yet undisclosed) threats are handled, before
TippingPoint update their boxes with the threats' inoculation vaccine.
Their selling point is that they could inoculate an entire network much
faster than applying software vendor patches to hundreds or thousands of
machines (which would then be done with no time pressure) -- a valid
point.

Fortinet and Netcontinuum are respectively anti-virus and www gateways,
which do nothing to protect applications other than www, ftp and email.

Captus networks tout their policy engine's layers 3 and 4 awareness...

Nortel's Alteon switches are designed for much larger infrastructures
(with commensurate pricing).

TopLayer seem to have application-layer switches with firewall and
traffic shaping functionality. I have heard that their application
recognition engine relies on bit-pattern matching (something similar to
Cisco's NBAR), rather than true layer-7 protocol analysis. Can anyone
familiar with the product confirm or rebut this by clarifying that
point?

Could a malformed request be sent in encrypted form to an https server,
or is this not possible? If yes, what could be done to protect against
this kind of threat?

Since the www and db servers will each be in its own zone, I will
investigate the possibility of achieving an acceptable level of security
by using server-based application-specific content inspection/blocking
engines (assuming these exist in the first place) for Oracle9i and www
on AIX.

TIA
