Firewall Wizards mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Chris Blask <chris () blask org>
Date: Fri, 26 May 2006 10:12:10 -0400
At 09:11 AM 26/05/2006, ArkanoiD wrote:
nuqneH, On Thu, May 25, 2006 at 08:24:17PM -0400, Marcus J. Ranum wrote:My guess is that that VCs would split a rib laughing if someone came to them with a business plan for a new firewall company. :)Damn sure. And maybe that's why we have nothing like "Gauntlet on steroids" (flexible, expandable and supported with development team who is willing to help to integrate it with any customer application) these days, though there definitely *is* some niche market demand for it.
.d. We spend too much time complaining about the shape of the landscape, not enough time building communities that fit into it. Why should any non-Infosec decision maker believe that our Perfect Firewall will make them safe? It won't: they'll be hacked from the inside/wirelessly/through an unauthorized connection. Nothing we as an industry have delivered is any better than anything else at making customer X safer from the risks they face, so why should they listen to us? The only places to date we can (sometimes) actually provide decent security is where the dollars involved are so huge they justify the expense, or where someone who can follow this thread works (but then they get a new job, and their employer is screwed again). Is it a shoe manufacturer's fault that our industry has produced no empirical metrics that would differentiate the qualities of good and bad ideas? It's the maturity phase of the market that I can't wait for (though it may start getting boring about then). It is essentially impossible to offer SAS-level advice (to add one last military analog) in the current market, because we are still arguing about what a gun is. -cheers! -chris The man who never alters his opinion is like standing water, and breeds reptiles of the mind. -William Blake Chris Blask chris () blask org http://blaskworks.blogspot.com -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.392 / Virus Database: 268.7.0/345 - Release Date: 22/05/2006 _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG), (continued)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 28)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Mark (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) George Capehart (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Jim Seymour (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) George Capehart (May 30)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Devdas Bhagat (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- cisco ssh rate limit hermit921 (May 26)
- Re: cisco ssh rate limit David Swafford (May 26)
- Re: cisco ssh rate limit hermit921 (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Balazs Scheidler (May 28)