Firewall Wizards mailing list archives
Re: so much for "deny all"
From: "Dave Piscitello" <dave () corecom com>
Date: Fri, 10 Jun 2005 14:21:09 -0400
This is very good publicity for firewall vendors not in the list who provide a default "DENY ALL" in policy configuration. I'll enjoy tormenting friends at these companies over this:-) But the 2nd statement is very odd, don't you think? Not only is it remarkably difficult to parse, but it flies in the face of (my) experience. Taking the source with a grain of salt, I find it hard to believe that most enterprises change security vendors every five years. Perhaps 100% of my clients buck this trend. Upgrades, yes. Forklifting firewalls? I have yet to see this except in circumstances where the prior firewall failed pitifully in enforcing policy. On 7 Jun 2005 at 9:41, Tina Bird wrote:
From the TechTarget coverage of the Gartner Security Summit this week:"Next generation firewalls that do deep-packet inspections from vendors like Juniper Networks, Check Point and Fortinet employ a heuristics engine and allow all network traffic and behavior, except those which policy says it must block. Most enterprises, however, refresh their firewall purchases on a three- to five-year cycle and that makes it challenging to synch new features."
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- so much for "deny all" Tina Bird (Jun 10)
- Re: so much for "deny all" Dave Piscitello (Jun 13)
- RE: so much for "deny all" Tina Bird (Jun 15)
- RE: so much for "deny all" Dave Piscitello (Jun 15)
- RE: so much for "deny all" Tina Bird (Jun 15)
- Re: so much for "deny all" Adam Jones (Jun 13)
- RE: so much for "deny all" Paul Melson (Jun 16)
- RE: so much for "deny all" Kerry Thompson (Jun 17)
- RE: so much for "deny all" Paul Melson (Jun 16)
- Re: so much for "deny all" Rob Hughes (Jun 15)
- Re: so much for "deny all" Dave Piscitello (Jun 13)