Firewall Wizards mailing list archives
RE: Time for a new FWTK?
From: Craig Brozefsky <craig () onshore com>
Date: Wed, 26 Nov 1997 22:09:30 -0600
On Thu, 27 Nov 1997, Bret Watson wrote:
If the application proxy can be likened to a bank cashier and stateful filtering to a front desk security guard, then how about the concept of CPTED? (Crime Prevention Through Environmental Design - for those without a physSec background) Where the 'firewall' watches all that happens on the network and reports when activities are suspicious or new so that the heavies can come in - in other words, something like RealSecure on steroids...
What kinds of analysis would this entail? In particular, what details would be needed from the packets, what data would you want to keep around, and what types of analysis would you think would be necessary to get anything near a suitable, somewhat reliable mechanism for detecting changes in traffic patterns, or more subtle attacks?

There are so many different methods of attack, and vectors that network traffic patterns can change on; perhaps it would do good to define and list those vectors of change in network access patterns first. You would want some sort of time-domain to track the changes in at least, a way to describe various protocols and therefore track changes across them. You would maybe want to identify some major protocol types. Maybe a way to define sequences in a generic manner so you could model various handshaking and service request methods. Then you have to have a way to codify current traffic patterns, in order to identify anomalies.

Though for some reason I think that this "reactive" security software has a long way to go from pipe dream to effective software tool.

Craig Brozefsky craig () onshore com
onShore Inc. http://www.onshore.com/~craig
Development Team p_priority=PFUN+(p_work/4)+(2*p_cash)
I hear my inside, the mechanized hum of another world - Steely Dan