Firewall Wizards mailing list archives
RE: Evolution of Firewalls
From: "Melson, Paul" <PMelson () sequoianet com>
Date: Mon, 8 Mar 2004 16:35:49 -0500
One thing that I would caution you about is to not confuse conceptual access control methodologies for the actual firewall products that go in your rack. There is a great leap from theory to implementation, and an even greater leap from marketing hype to actual product specifications and capabilities. And both of those leaps are the stuff of proprietary code and trade secrets. You will save a lot of time by first defining the capabilities and requirements for your corporate firewall, then evaluating individual products against that criteria. If you decide which products to consider based on which conceptual methodology their marketing literature invokes, you run the risk of ending up with a product that meets neither your needs nor your expectations. PaulM -----Original Message----- Hi, I am currently evaluating several types of firewalls for the company. Our team is currently debating if Stateful Deep Inspection firewall is going be the new technology to replace the Application Proxies firewall which deem to be most secure currently. I personally feel that Deep Inspection firewall is less reliable as we know that it only blocks what is known to be bad. This seems to be less effective and become an never-ending arm race where Deep Inspectioin firewall requires the most updated bad list all the time. On the other hand, Application Proxies firewall only allows what is known to be good. This makes the defence become more effective as we know good things do not change as frequently as bad things. Any input would be very much appreciated. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Evolution of Firewalls, (continued)
- Re: Evolution of Firewalls Mikael Olsson (Mar 11)
- Message not available
- Re: Evolution of Firewalls ArkanoiD (Mar 11)
- vpn end-point Shimon Silberschlag (Mar 18)
- Re: Evolution of Firewalls Marcus J. Ranum (Mar 09)
- Re: Evolution of Firewalls Chris Blask (Mar 09)
- Re: Evolution of Firewalls Devdas Bhagat (Mar 11)
- Re: Evolution of Firewalls Marcus J. Ranum (Mar 12)
- Re: Evolution of Firewalls ArkanoiD (Mar 18)
- Re: Evolution of Firewalls Marcus J. Ranum (Mar 18)