Firewall Wizards mailing list archives
Re: Firewall bake-off?
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Thu, 22 Mar 2007 22:45:44 +0100
Hi, all!

On Thu, Mar 22, 2007 at 12:12:54PM -0500, Carric Dooley wrote:
> .. and it's probably been 7 years since I've seen it.. it does not have a huge install base, and I'm surprised to even hear anyone reference it. I'm not saying it's bad, just that I see it rarely enough to say "never". The airforce liked SecureComputing...

So, you missed the most amazing improvements ;-)

Secure Computing acquired the Gauntlet division from Network Associates and merged the features of what once was Gauntlet 6.0 and Sidewinder 5.2 into the Sidewinder G2 product line.

I'm biased, I'm selling the product, but bear with me for a minute ...

What makes me like the product:

- default deny
- proxy everything
- best coverage of protocols in the industry, i.e. the firewall does not just pass port 443 through - if the session doesn't start with a proper TLS handshake, the traffic is blocked, same for HTTP, MS SQL, lots of proxies that are not just "plugs"
- you can still use packet filters if you insist

And, pardon, another poster mentioned Pix and familiarity with IOS ... that's simply not a valid criteria for a firewall. Period. I know Pix only up to 6.latest but this box doesn't know a bit about what's going on inside the traffic it passes. Nothing.

I came up with a very simple litmus test for firewalls and their "deep inspection" aka "application level intelligence", whatever you want to call it:

1. Define an "inside" network and an "outside" network that represents "the Internet".
2. Permit: initiated from "inside" to "arbitrary server outside" HTTP + HTTPS (including absolutely necessary things like DNS ...)
3. Try to use Skype on a Windows machine on the "inside".
4. If it works, your so-called firewall is a piece of crap.

Kind regards,
Patrick M. Hausen
Head of Networks and Security
--
punkt.de GmbH * Vorholzstr. 25 * 76137 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info () punkt de http://www.punkt.de
Gf: Jürgen Egeling AG Mannheim 108285
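
As an added illustration (not part of the original post and not Sidewinder code), here is the kind of check the message describes for port 443: the session is allowed only if the client's first bytes form a plausible TLS ClientHello. The function names and all sample byte strings are constructed for this example.

```python
import struct

HANDSHAKE_RECORD = 0x16   # TLS ContentType "handshake"
CLIENT_HELLO = 0x01       # HandshakeType "client_hello"
MIN_HELLO_BODY = 41       # version, random, session id len, one suite, one compression method


def check_tls_opening(first_bytes: bytes) -> tuple:
    """Return (allowed, reason) for the first bytes a client sends on a TLS port."""
    if len(first_bytes) < 11:
        return False, "too short for record header plus handshake header"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", first_bytes[:5])
    if ctype != HANDSHAKE_RECORD:
        return False, "first record is not a TLS handshake record"
    if major != 3 or minor > 4:
        return False, "implausible record-layer version"
    if not 4 <= rec_len <= 2 ** 14:
        return False, "record length out of range"
    hs_type = first_bytes[5]
    hs_len = int.from_bytes(first_bytes[6:9], "big")
    if hs_type != CLIENT_HELLO:
        return False, "handshake message is not a ClientHello"
    if hs_len < MIN_HELLO_BODY:
        return False, "ClientHello body too short"
    if first_bytes[9] != 3:
        return False, "implausible client_version"
    return True, "starts with a plausible ClientHello"


def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello (zero random, one cipher suite) for the demo."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed sample openings for sessions arriving on port 443.
SAMPLES = {
    "tls client": sample_client_hello(),
    "plain http on 443": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "opaque tunnel bytes": bytes.fromhex("8a11f03c7d5529e1b4006a9fc2d813"),
    "server hello first": b"\x16\x03\x03\x00\x30\x02\x00\x00\x2c\x03\x03" + bytes(42),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        allowed, reason = check_tls_opening(data)
        print(f"{name:20} {'PASS ' if allowed else 'BLOCK'} {reason}")
```

This covers only the opening bytes of the session; an application proxy would go on to validate the rest of the handshake.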