Re: Firewall best practices

[Martin Barry <marty () supine com>]

$quoted_author = "Marcus J. Ranum" ;
> That's why firewalls need to go back to doing what they
> originally did, and parsing/analyzying the traffic that
> flows through them, rather than "stateful packet
> inspection" (which, as far as I can tell, means that
> there's a state-table entry saying "I saw SYN!")

Marcus, are you referring to DPI or proxies or both or something else
entirely?

 
> If the firewall doesn't understand the data it's passing,
> it's not a firewall, it's a hub.

If an application emulates HTTPS traffic and is proxy aware, how do you tell
the difference?

cheers
Marty
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards