Re: Firewall vs. IPS - Differences now (ISS, Intrushield 2.1?)

[Shaiful <shaifuljahari () yahoo com>]

Hi,

I think what you meant is the SOCKS firewall.  I've
never really understand the technology behind it
except that it's working at the transport layer.  Can
somebody enlighten us with this technology in a layman
terms?

May be this email should be inside firewall mailing
list but just wondering about the technology behind
it.   If you can compare this technology with network
and application layer firewall, it is better since I
understand both of them, more or less.

I know the faq site in case you want to link it:
http://www.socks.permeo.com/TechnicalResources/SOCKSFAQ/index.asp

Thanks in advance.

Regards,
Shaiful


--- "M. Dodge Mumford" <dodge () dmumford com> wrote:

> Rob Shein said:
> > At first, there were packet filters, which only
> cared about what ports were
> > used and which hosts were talking; they were
> ignorant with regard to
> > connection state, fragmentation, or any other
> aspects of the communication.
> > And they failed to account for services like FTP,
> where an outside host
> > needs to open a second inbound channel on an
> unpredictable port to the
> > server.  But it definitely cut back on the
> exposure of a network to outside
> > attackers.
>
> Actually, you missed the first step -- proxy
> firewalls. They used their
> host's TCP stack, could readily handle secondary
> channels for services where
> proxies chad been written. The boxes were expected
> to be bastions -- to
> actually block traffic, and to fall over if attacked
> with sufficient vigor
> (thus protecting the critical resources).  But they
> were slow compared to
> the packet filters and stateful inspection
> firewalls. The vendors failed to
> demonstrate how they could mitigate attacks that the
> market failed to
> appreciate (or decided the cost outweighed the
> risk).  They would have been
> an ideal place to perform the checks that prevention
> systems are now moving
> towards, but are treated as tubercular lepers.
>
> As Ron Gula mentions, enterprise firewalls are
> expected to have a certain
> (large) feature set. By referring to this new breed
> of stuff as being "kinda
> like a firewall", vendors get to create an entire
> new buzzphrase (rest in
> peace, lowly buzzword), and not have to directly
> compete with the big guys
> who dominate that space.  IPS vendors don't have to
> feel bad about not being
> a VPN endpoint, proxies, etc. Yet.
>
> It seems to me the meaning of "firewall" has long
> since been extended to
> mean just about anything that has the ability to
> block traffic.
>
> -- 
>
> Dodge, who works for a vendor in the market. Add
> salt.

> ATTACHMENT part 2 application/pgp-signature 




                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

--------------------------------------------------------------------------
FREE Network Security Webinar - How to implement IPSec security into VPN appliances 
 
New threats and vulnerabilities require new high-performance IPSec VPN solutions for network protection.
Join the security experts from SafeNet on August 26 at 1:00 PM (Eastern), and learn how to successfully integrate IPSec 
security into VPN processors and appliances to provide powerful yet cost-effective VPN solutions for your customers. 
Register now:

http://www.securityfocus.com/sponsor/SafeNet_focus-ids_040817
--------------------------------------------------------------------------