Firewall Wizards mailing list archives
Re: Intrusion Prevention Firewall
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 16 Apr 2002 10:25:44 -0400
"Patrick M. Hausen" wrote:
But you already have a firewall in place, right? A firewall which is a policy enforcement device with respect to traffic passing from your internal network to the Internet and vice versa, right?
Within the limits of the capabilities of firewall technology.
And the policy is to deny everything which is not explicitly allowed, right?
Blanket rules blocking broad swaths of communications may be fine for some organizations, but academic organizations, to name one type, installed a network to communicate, exchange information, and do research. What if my policy is that I wish to allow all ssh traffic except that which is trying to exploit an openssh buffer overflow? We've got new research collaborations all the time. Or allow all http traffic except that which is trying to access cmd.exe or *.ida? Or allow all RPC-portmap traffic except that which is trying to overflow statd? Or allow all http or ftp traffic except that which attempts connections to those ports on every campus machine?
A properly understood and configured firewall is an "Intrusion Prevention Device" in the same way an armed guard is. If you needed a supervisor for the guard telling the guard what to do ... better fire the guard and let the supervisor do that job.
Better to get a better educated armed guard. If the armed guard's instructions are simply to allow only company trucks and people with passes, and only to the visitors center or warehouse, a relatively simple firewall will do the job, assuming both the warehouse and visitors center are hardened. But not all networks or organizations are designed as closed systems. They want the full capabilities of the communications system we call the Internet. They want to allow their constituents, who may not always have the most hardened systems, whether because of training, time, or the vendor's focus on ease of use rather than security, full communications access but still provide them some protection. Those organizations need more capable guards... i.e. an IPD.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
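The policy Gary describes above is "allow the service, deny the specific abuse of it", which a port-based firewall cannot express. The following is an added illustration, not code from the post or from any product discussed in the thread: a small inspector that applies a conventional port allow-list first, then carves out two of the exceptions named in the post that can be expressed without a full protocol parser, namely HTTP requests whose path reaches for cmd.exe or an .ida handler, and a single source touching many campus hosts on an allowed port (a sweep). The SSH and statd overflow exceptions from the post are not modelled here because they need protocol-level decoding. All addresses, ports, thresholds and request lines are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
from urllib.parse import unquote

# Layer 1: the port-based "deny unless allowed" rule a conventional firewall enforces.
# Constructed allow-list for the example: ssh, http, rpc portmap.
ALLOWED_TCP_PORTS = {22, 80, 111}

# Layer 2: content exceptions carved out of "allow all http".
# The fragments are the two named in the post; the rule set itself is constructed.
HTTP_DENY_PATH_FRAGMENTS = ("cmd.exe", ".ida")

# Layer 2, second exception: one source reaching this many distinct hosts on an
# allowed port is treated as a sweep. Constructed threshold for illustration.
SWEEP_HOST_THRESHOLD = 5


@dataclass
class Connection:
    src: str
    dst: str
    dport: int
    http_request_line: Optional[str] = None  # first line of an HTTP request, if seen


@dataclass
class Inspector:
    # (source, port) -> set of distinct destinations already contacted
    seen: Dict[Tuple[str, int], Set[str]] = field(default_factory=lambda: defaultdict(set))

    def firewall_decision(self, c: Connection) -> str:
        """What the port-only firewall would decide, with no content awareness."""
        return "allow" if c.dport in ALLOWED_TCP_PORTS else "deny"

    def inspect(self, c: Connection) -> Tuple[str, str]:
        """Return (decision, reason): port rule first, then the content exceptions."""
        if self.firewall_decision(c) == "deny":
            return "deny", "port not allowed"

        # Exception 1: HTTP request path that reaches for cmd.exe or an .ida handler.
        # The path is URL-decoded once so a %-encoded variant cannot hide the name.
        if c.dport == 80 and c.http_request_line:
            parts = c.http_request_line.split()
            path = unquote(parts[1]).lower() if len(parts) >= 2 else ""
            for frag in HTTP_DENY_PATH_FRAGMENTS:
                if frag in path:
                    return "deny", f"http path matches {frag}"

        # Exception 2: the same source sweeping many campus hosts on this port.
        hosts = self.seen[(c.src, c.dport)]
        hosts.add(c.dst)
        if len(hosts) >= SWEEP_HOST_THRESHOLD:
            return "deny", f"sweep: {len(hosts)} hosts on port {c.dport}"

        return "allow", "policy allows"


# Constructed sample traffic from one collaborator host to one campus web server.
SAMPLE = [
    Connection("10.1.1.5", "192.0.2.10", 22),
    Connection("10.1.1.5", "192.0.2.10", 80, "GET /research/index.html HTTP/1.0"),
    Connection("10.1.1.5", "192.0.2.10", 80,
               "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"),
    Connection("10.1.1.5", "192.0.2.10", 80, "GET /default.ida?XXXX HTTP/1.0"),
    Connection("10.1.1.5", "192.0.2.10", 23),
]


def run_sample() -> list:
    """Decide each sample connection with both layers; returns (decision, reason) pairs."""
    insp = Inspector()
    return [insp.inspect(c) for c in SAMPLE]


if __name__ == "__main__":
    for c, (decision, reason) in zip(SAMPLE, run_sample()):
        print(f"{c.src} -> {c.dst}:{c.dport:<4} {decision:5} ({reason})")
```

The point of the two layers is visible in the sample: the port-only decision allows every request on port 80 alike, while the inspector lets the research page through and stops the two requests the post singles out, and separately stops a source that walks the same allowed port across many hosts.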