Firewall Wizards mailing list archives
RE: Time for a new FWTK?
From: Bret Watson <lists () bwa net>
Date: Sat, 29 Nov 1997 11:37:36
At 10:09 PM 11/26/97 -0600, Craig Brozefsky wrote:

On Thu, 27 Nov 1997, Bret Watson wrote:

If the application proxy can be likened to a bank cashier and stateful filtering to a front desk security guard then how about the concept of CPTED? (Crime Prevention Through Environmental Design - for those without a physSec background) Where the 'firewall' watches all that happens on the network and reports when activities are suspicious or new so that the heavies can come in - in other words something like RealSecure on steroids...

Tho for some reason I think that this "reactive" security software has a long way to go from pipe dream, to effective software tool.
There are research projects going right now looking at identifying when something 'unusual' occurs on the network - remember in a CPTED situation unwanted alarms are useful, as long as there are not too many - but attacks that pass through without detection are not wanted. The key is natural surveillance.

One such research project's initial findings were doing s-domain analysis on cable data (note not network data - we are working at RF here not digital) it was noted that hacker attacks had a different spectrum to normal use - of course the sample size was small so it may not be correct.

The point being - there is always a different way to do it. Breaking set paradigms is always a good way to create progress.

Personally I don't think 'signature' analysis like RealSecure et al do is a viable long term solution - there becomes an upper limit on permutations that is economically unviable (did someone say virus detection - woops).

But then again who would have thought we would have the internet as it is now back in the days of FIDONet?

Cheers,
Bret

Technical Incursion Countermeasures
Computer Security Consultants
consulting () bwa net
http://www.bwa.net/
ph: (+61)(08) 9429 8898 (UTC+8 hrs)
fax: (+61)(08) 9429 8800