Firewall Wizards mailing list archives
Re: so much for "deny all"
From: Rob Hughes <rob () robhughes com>
Date: Sat, 11 Jun 2005 11:15:57 -0500
On Tue, 2005-06-07 at 09:41 -0700, Tina Bird wrote:
> From the TechTarget coverage of the Gartner Security Summit this week: "Next generation firewalls that do deep-packet inspections from vendors like Juniper Networks, Check Point and Fortinet employ a heuristics engine and allow all network traffic and behavior, except those which policy says it must block. Most enterprises, however, refresh their firewall purchases on a three- to five-year cycle and that makes it challenging to synch new features."
This would be incorrect, at least with regards to CheckPoint boxes. The only way to produce the behavior they describe would be to add an explicit any any accept rule in the security policy. Of course, considering that it's Gartner, they may very well have done exactly that.

--
Ignorance is a condition. Stupidity is a way of life.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards