Firewall Wizards mailing list archives

Re: so much for "deny all"

From: "Dave Piscitello" <dave () corecom com>
Date: Fri, 10 Jun 2005 14:21:09 -0400

This is very good publicity for firewall vendors not in the list who 
provide a default "DENY ALL" in policy configuration. I'll enjoy 
tormenting friends at these companies over this:-)

But the 2nd statement is very odd, don't you think? Not only is it 
remarkably difficult to parse, but it flies in the face of (my) 
experience.

Taking the source with a grain of salt, I find it hard to believe 
that most enterprises change security vendors every five years. 

Perhaps 100% of my clients buck this trend. Upgrades, yes. 
Forklifting firewalls? I have yet to see this except in circumstances 
where the prior firewall failed pitifully in enforcing policy.



On 7 Jun 2005 at 9:41, Tina Bird wrote:

From the TechTarget coverage of the Gartner Security Summit this
week:


"Next generation firewalls that do deep-packet inspections from
vendors like Juniper Networks, Check Point and Fortinet employ a
heuristics engine and allow all network traffic and behavior, except
those which policy says it must block. Most enterprises, however,
refresh their firewall purchases on a three- to five-year cycle and
that makes it challenging to synch new features."




_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

so much for "deny all" Tina Bird (Jun 10)
- Re: so much for "deny all" Dave Piscitello (Jun 13)
  - RE: so much for "deny all" Tina Bird (Jun 15)
    - RE: so much for "deny all" Dave Piscitello (Jun 15)
- Re: so much for "deny all" Adam Jones (Jun 13)
  - RE: so much for "deny all" Paul Melson (Jun 16)
    - RE: so much for "deny all" Kerry Thompson (Jun 17)
- Re: so much for "deny all" Rob Hughes (Jun 15)