Re: "firewalls" at high speed -- was Re: FW: your mail

["Alex P. Rudnev" <alex () Relcom EU net>]

Perfectly... 


On Mon, 27 Sep 1999, Howard C. Berkowitz wrote:

> Date: Mon, 27 Sep 1999 08:27:27 -0400
> From: Howard C. Berkowitz <hcb () clark net>
> To: nanog () merit edu
> Subject: "firewalls" at high speed -- was Re: FW: your mail
...
> All good points. Something else to consider:  with increasing cryptographic
> security requirements, the "firewall" (ambiguous term as it is, but let's
> think of it as a stateful packet screen -- the major approach at high
> speed) is not the only device between you and the outside.  It's worth
> thinking of:
>
>    Bastion hosts -- not trusted with crypto keys
>    Security gateways -- trusted to do encryption
>      IPsec gateways
>      SSL/TLS proxies
>    Conduits with access lists -- for host-to-host encryption, where
>                                  the firewall wouldn't add value
>
> There is also the very murky area where logging and intrusion detection
> mix, and whether they can operate at these speeds/

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)