Firewall Wizards mailing list archives
Re: Firewall best practices
From: "Lloyd, Mike" <drmike () redseal net>
Date: Wed, 28 Apr 2010 07:55:13 -0700 (PDT)
Carson Gaspar wrote:
Once upon a time I did some serious thinking about a signature based firewall, that cared only a little about port numbers, and a lot about packet content. It would necessarily involve an update cycle similar to anti-virus signature updates. I've seen some work on this, mostly from a traffic shaping / IPS / IDS slant, but I haven't seen anything serious from the firewall front. But then I haven't been doing firewalls for several years, so I may just be behind the times.
For a firewall thinking beyond the header, you may want to check out Palo Alto - http://www.paloaltonetworks.com/

You never know, if you could record your serious thinking and send it back in time a few years, you might be able to sue them retroactively :-)

For those of us still doing firewalls, it's an interesting evolution. It's particularly useful to those of us who automate firewall analysis - a whole new mountain of details to figure out, effectively a form of job security for firewall wizards everywhere.

Mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards