Firewall Wizards mailing list archives
Re: Firewalls Compared
From: ArkanoiD <ark () eltex net>
Date: Sun, 27 Jun 2004 12:30:38 +0400
nuqneH, I've found that articles are written from "packet filter" point of view, paying almost no attention to application protocol support and advanced features besides virus scanning, thus it appears like it does not mattter if firewall can enforce application security policy with proper granularity. And - again - no difference for protecting servers vs protecting workstations. "order-independant rule checking" is more than questonable feature, there are "first match" and "last match" rulesets and i think it's much better to keep it clear witch method is used rather than utilize some wicked AI to decide ;-) Logging/reporting capabilities are mentioned too briefly, though it is most important thing to know what happens on the firewall (you cannot just read whole daily syslog every morning ;-) On Sat, Jun 26, 2004 at 09:06:17AM -0400, Laura Taylor wrote:
I would have responded sooner but I was under some tight deadlines to get some work done.... I wrote some articles on how to buy a firewall a few years ago. They are a little dated in that there are some new features and functionality that exists on leading products today, that did not exist when I wrote these articles. However, many of the basic principles still exist, and some of the tips might at least help you get going in selecting a firewall. Firewall Shopping 101 http://www.intranetjournal.com/articles/200202/se_02_13_02a.html February 13, 2002 Select the Right Firweall: Part 1 http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2694089,00.html March 8, 2001 Select the Right Firewall: Part 2 http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2700852,00.html March 25, 2001 If you decide to read these articles, let me know if you find any mistakes. I might not have had enough cups of coffee when I wrote them and if I write any new articles on this topic, I am always open to suggestions for improvements. In my not so copious freetime, I am working on a dynamic spreadsheet that mathematically tabulates firewall decision-making and selection by components. However, being a single Mom with a full-time job doesn't leave me much time to do the fun stuff so it will be awhile before this is anywhere near finished.... Laura Taylor Relevant Technologies, Inc. www.relevanttechnologies.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls Compared, (continued)
- Re: Firewalls Compared Paul D. Robertson (Jun 21)
- Re: Firewalls Compared Gwendolynn ferch Elydyr (Jun 21)
- Re: Firewalls Compared Dave Piscitello (Jun 21)
- Re: Firewalls Compared Ryan M. Ferris (Jun 22)
- Re: Firewalls Compared Paul D. Robertson (Jun 22)
- Re: Firewalls Compared Devdas Bhagat (Jun 22)
- Re: Firewalls Compared Paul D. Robertson (Jun 22)
- Re: Firewalls Compared Devdas Bhagat (Jun 22)
- Re: Firewalls Compared Paul D. Robertson (Jun 23)
- Re: Firewalls Compared Paul D. Robertson (Jun 21)
- RE: Firewalls Compared Laura Taylor (Jun 26)
- Re: Firewalls Compared ArkanoiD (Jun 28)
- RE: Firewalls Compared Laura Taylor (Jun 28)
- Re: Firewalls Compared Marcus J. Ranum (Jun 28)
- RE: Firewalls Compared Eugene Kuznetsov (Jun 29)
- RE: Firewalls Compared Ben Nagy (Jun 30)
- Re: Firewalls Compared Devdas Bhagat (Jun 30)
- Re: Firewalls Compared Crispin Cowan (Jun 30)
- Message not available
- Re: Firewalls Compared ArkanoiD (Jun 29)
- Message not available
- Re: Firewalls Compared Dave Piscitello (Jun 24)
- RE: Re: Firewalls Compared Christopher Lee (Jun 21)