Firewall Wizards mailing list archives

RE: Time for a new FWTK?


From: Bret Watson <lists () bwa net>
Date: Sat, 29 Nov 1997 11:37:36

At 10:09 PM 11/26/97 -0600, Craig Brozefsky wrote:
On Thu, 27 Nov 1997, Bret Watson wrote:

If the application proxy can be likened to bank cashier and stateful
filtering to a front desk security guard then how about the concept of
CPTED? (Crime Prevention Through Environmental Design - for those without a
physSec background)
Where the 'firewall' watches all that happens on the network and reports
when activities are suspicious or new so that the heavies can come in -
in other words something like RealSecure on Steroids...


Tho for some reasons I think that this "reactive" security software has a
long way to go from pipe dream, to effective software tool.

There are research projects going right now looking at identifying when
something 'unusual' occurs on the network - remember in a CPTED situation
unwanted alarms are useful, as long as there are not too many - but attacks
that pass through without detection are not wanted. The key is natural
surveillance. One such research project's initial findings were doing
s-domain analysis on cable data (note not network data - we are working at
RF here not digital) it was noted that hacker attacks had a different
spectrum to normal use - of course the sample size was small so it may not
be correct. The point being - there is always a different way to do it.

Breaking set paradigms is always a good way to create progress.

Personally I don't think 'signature' analysis like RealSecure et al do is a
viable long term solution - there becomes an upper limit on permutations
that is economically unviable (did someone say virus detection - whoops).

But then again who would have thought we would have the internet as it is
now back in the days of FIDONet? 

Cheers,

Bret
Technical Incursion Countermeasures     Computer Security Consultants
consulting () bwa net                      http://www.bwa.net/
ph: (+61)(08) 9429 8898(UTC+8 hrs)      fax: (+61)(08) 9429 8800


