Firewall Wizards mailing list archives

RE: Evolution of Firewalls


From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 8 Mar 2004 16:35:49 -0500

One thing that I would caution you about is to not confuse conceptual
access control methodologies for the actual firewall products that go in
your rack.  There is a great leap from theory to implementation, and an
even greater leap from marketing hype to actual product specifications
and capabilities.  And both of those leaps are the stuff of proprietary
code and trade secrets.  

You will save a lot of time by first defining the capabilities and
requirements for your corporate firewall, then evaluating individual
products against those criteria.  If you decide which products to
consider based on which conceptual methodology their marketing
literature invokes, you run the risk of ending up with a product that
meets neither your needs nor your expectations.

PaulM


-----Original Message-----
Hi, I am currently evaluating several types of firewalls for the
company. 

Our team is currently debating if Stateful Deep Inspection firewall is
going to be the new technology to replace the Application Proxies firewall
which is deemed to be most secure currently.

I personally feel that Deep Inspection firewall is less reliable as we
know that it only blocks what is known to be bad. This seems to be less
effective and becomes a never-ending arms race where Deep Inspection
firewall requires the most updated bad list all the time.

On the other hand, Application Proxies firewall only allows what is
known to be good. This makes the defence become more effective as we
know good things do not change as frequently as bad things.

Any input would be very much appreciated.