Re: Proxies, opensource and the general market: what's wrong with us?

[Dave Piscitello <dave () corecom com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 4/27/2011 4:52 PM, David Lang wrote:
> open projects implementing proxies have a really hard time here, because
> most people have bought into the marketing that all a firewall should be
> is a packet filter, so proxies aren't going to be used by anyone who can
> just use a packet filter, and the available proxies don't do a lot of
> things that the commercial tools do, so the gap where someone has
> decided that packet filters are not good enough, and where they need
> features that only the commercial tools offer is pretty narrow.

I wonder if this "all a firewall should be is a packet filter" is truly
the case. Is the buyer focus on proxy or packet filtering these days, or
on "blocking X" where X is "a threat"?

Most of the commercial marketing blather focuses on controlling threats,
users, and application specific attacks. The only mention of packet
filtering is often in the context of "packet filtering is no longer
effective". Granted, this is smoke and mirrors, but search NGFW or WAF
and tell me what you find. I'm not advocating that this is a good thing,
BTW.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNvGzEAAoJEDa3DI8IpP3/V6QIAIOZxPtac8HlPdSGXSZ2+dtQ
SbFBEztdJUP0HRytxVXekxQsUNv1JZKgWN/vJ+OY98XxC7623nQ4sLb1BXVVpcwB
+IxN1gV2tYM3TW9Xs3NofMBoeKxOfuARagg6zjoxPBJETb2B4jrtfGItACRsJUJG
T1FiiLAAcH4dOf7XcsAlFxmFIk3gt6h58Z3OL8O43+EB6xW970qPFFUNrHDdyJxN
CUxsvUA1xIM3W8ik/41qL+J4cPgvUtG8iLllHPeDb+GrmPROh/LSqgVXXxJLOSjg
sY16VrSVBai/RqG0nDjSn37nFToW50bXHFGAbr8EUhLS+RaWUO72z940mJgM370=
=hpop
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards