Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: FW appliance comparison - Seeking input for the forum

From: Cat Okita <cat () reptiles org>
Date: Thu, 19 Jan 2006 15:28:31 -0500 (EST)
On Thu, 19 Jan 2006, Paul Melson wrote:

I immediately trained in on 'actively developing.'  Which means that 5 years
after AD became widely used, there's still not a good proxy for it yet.  It
shouldn't be rocket science since it's kerberos, LDAP, NetBIOS, RPC, and
COM.  It also shouldn't have to come from a third party vendor.  But I
digress.


... and I'll digress a bit further.  AD may be 'just' kerberos, LDAP,
NetBIOS, RPC and COM - but if you've ever spent any time doing integration
work with AD, it becomes quickly apparent that the combination is by
no means simple or straightforward.


Right, but policy is equally useless without mechanisms capable of enforcing
it.  And while there are vendors out there that write security proxies for
specific applications and protocols, the products that are out there still
only support a tiny fraction of the protocols present on the average
corporate network.

Not to discount the power of application proxies, but they're far from a
single solution.


I think everybody on this list would agree that there's no single solution,
but that incremental improvements are far better than waiting for the
ultimate solution.

cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: