Firewall Wizards mailing list archives

Re: Firewall best practices


From: "Lloyd, Mike" <drmike () redseal net>
Date: Wed, 28 Apr 2010 07:55:13 -0700 (PDT)

Carson Gaspar wrote:

> Once upon a time I did some serious thinking about a signature based
> firewall, that cared only a little about port numbers, and a lot about
> packet content. It would necessarily involve an update cycle similar to
> anti-virus signature updates.
>
> I've seen some work on this, mostly from a traffic shaping / IPS / IDS
> slant, but I haven't seen anything serious from the firewall front. But
> then I haven't been doing firewalls for several years, so I may just be
> behind the times.

For a firewall thinking beyond the header, you may want to check out Palo
Alto - http://www.paloaltonetworks.com/

You never know, if you could record your serious thinking and send it back
in time a few years, you might be able to sue them retroactively :-)

For those of us still doing firewalls, it's an interesting evolution.
It's particularly useful to those of us who automate firewall analysis - a
whole new mountain of details to figure out, effectively a form of job
security for firewall wizards everywhere.

Mike


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

