Firewall Wizards mailing list archives
Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: "M. Dodge Mumford" <dodge () dmumford com>
Date: Mon, 12 Aug 2002 21:23:31 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 12 Aug 2002, Crispin Cowan wrote:

> Is anyone besides me sick to death of hearing about "intrusion prevention" and "gateway intrusion detection" technologies?
Occasionally I grow weary of many labels, whether they're applied to security devices, styles of painting, or music. Then I remember that people who aren't experts at things need to put like things together. When they realize they need or want a thing, they look at the different options available. Creating new categories (or market segments) can help new technologies get off the ground. Sure, it creates confusion at first, but in that confusion you can get your foot in the door and make your product better.

As far as I can tell, the main reason most firewalls haven't advanced particularly is because a very narrow definition of what a firewall must be has been commonly accepted. It appears the definition of what a firewall must be is something along the lines of "A gateway that filters network traffic based on static rules about which hosts may communicate using specific protocols and specific ports". If that is accepted as a definition for a firewall, then when a consultant is setting up a network and they need to make sure the auditors will fill in the "Firewall" checkbox, they are going to want to make sure they get a device that sends data through fast and has a usable GUI. "Who cares if it's defragmenting packets and checking TCP sequence numbers, can I hit my full bandwidth and generate pretty reports?"

I find it surprising that there aren't (more? any?) gateway devices that will defragment traffic, create new TCP ISNs (preferably using an onboard random number generator), check TCP sequences, implement "firewall-like rules" <cough>, and make it easy to do higher-level blocking. Higher-level to me means things like blocking specific websites and stripping unknown tags from HTML; blocking email messages that are known spam or contain MS executables; making sure that idle SSH sessions time out; unmangling DNS requests before resending them. Attacks are happening at (nearly) all the layers and firewalls appear to be happily ignoring them.
That's what is letting these "new technologies" happen.

Dodge

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj1YX5kACgkQ1Ei74z0N/5k9cgCgv/kfWajmuZbQtetbbSLkJvnb
ak4AoIAJiI5r6u95BLV0eLDAplJICSyI
=OxL+
-----END PGP SIGNATURE-----

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
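Two of the gateway behaviours the post wishes for, rewriting the client's TCP initial sequence number with a random one and checking that later segments fall inside the receiver's window, are small enough to model in a few dozen lines. The following is an added example written for this archive page, not code from the post or from any product discussed on the list. `Segment`, `Gateway` and `seq_in_window` are hypothetical names; the modulation scheme (a per-connection 32-bit offset added to client-to-server SEQ and subtracted from server-to-client ACK) is the usual "ISN modulation" design, and the window test follows the acceptability rules in RFC 793. Segments are plain objects; there is no packet parsing or socket I/O.

```python
"""Toy model of a TCP-aware gateway: ISN modulation plus window checking.

Constructed example for illustration only.  A per-connection random
offset (delta) hides the inside host's ISN from the outside world, and
every later segment is checked against the window the receiver last
advertised before it is forwarded.
"""
from dataclasses import dataclass, replace
import secrets

MOD32 = 1 << 32


@dataclass
class Segment:
    src: str             # "client" or "server" (constructed labels)
    seq: int             # sequence number of first byte, mod 2**32
    ack: int = 0         # acknowledgement number, mod 2**32 (0 = ACK flag clear)
    length: int = 0      # payload bytes carried
    syn: bool = False
    window: int = 65535  # sender's advertised receive window


def _in_range(x, lo, wnd):
    """True if x lies in [lo, lo + wnd) under 32-bit wrap-around."""
    return (x - lo) % MOD32 < wnd


def seq_in_window(seq, length, rcv_nxt, rcv_wnd):
    """RFC 793 segment acceptability test (the 'SEGMENT ARRIVES' table)."""
    if length == 0:
        if rcv_wnd == 0:
            return seq == rcv_nxt
        return _in_range(seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False
    last = (seq + length - 1) % MOD32
    return _in_range(seq, rcv_nxt, rcv_wnd) or _in_range(last, rcv_nxt, rcv_wnd)


class Gateway:
    """Tracks one client->server connection, rewriting and filtering it."""

    def __init__(self, rng=secrets.randbelow):
        self.rng = rng                           # injectable for testing
        self.delta = None                        # ISN offset, fixed on the client's SYN
        self.nxt = {"c2s": None, "s2c": None}    # next expected SEQ per direction
        self.wnd = {"c2s": 0, "s2c": 0}          # receiver's window per direction
        self.dropped = []                        # (reason, segment) for the operator's log

    def _drop(self, reason, seg):
        self.dropped.append((reason, seg))
        return None

    def _rewrite(self, seg):
        """Outside sees client SEQ + delta; inside sees server ACK - delta."""
        if seg.src == "client":
            return replace(seg, seq=(seg.seq + self.delta) % MOD32)
        if seg.ack:
            return replace(seg, ack=(seg.ack - self.delta) % MOD32)
        return seg

    def forward(self, seg):
        """Return the segment to send on (possibly rewritten), or None to drop."""
        if seg.src == "client":
            if seg.syn and self.delta is None:
                self.delta = self.rng(MOD32)
                self.nxt["c2s"] = (seg.seq + 1) % MOD32
                self.wnd["s2c"] = seg.window       # what the client will accept
                return self._rewrite(seg)
            d = "c2s"
        else:
            if self.delta is None:
                return self._drop("no SYN from client seen", seg)
            if seg.syn and self.nxt["s2c"] is None:
                # The SYN-ACK must acknowledge the modulated ISN we sent out;
                # a reply built from a guessed ISN fails this check.
                if (seg.ack - self.delta) % MOD32 != self.nxt["c2s"]:
                    return self._drop("SYN-ACK does not match our ISN", seg)
                self.nxt["s2c"] = (seg.seq + 1) % MOD32
                self.wnd["c2s"] = seg.window       # what the server will accept
                return self._rewrite(seg)
            d = "s2c"
        if self.nxt[d] is None:
            return self._drop("handshake incomplete", seg)
        if not seq_in_window(seg.seq, seg.length, self.nxt[d], self.wnd[d]):
            return self._drop("SEQ outside receiver window", seg)
        if seg.seq == self.nxt[d]:                 # in-order: advance expectation
            self.nxt[d] = (seg.seq + seg.length) % MOD32
        other = "s2c" if d == "c2s" else "c2s"
        self.wnd[other] = seg.window               # sender advertises what it accepts
        return self._rewrite(seg)
```

Feeding a handshake through `Gateway().forward(...)` shows the outside peer only ever seeing `client_isn + delta`, while anything addressed to the inside host with a sequence number outside the advertised window, or a SYN-ACK that does not acknowledge the modulated ISN, ends up in `dropped` with a reason an operator can log. A real implementation would also need to adjust SACK options and handle SYN/FIN occupying a sequence number, which this model leaves out.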
Current thread:
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name, (continued)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Iván Arce (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 14)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Mikael Olsson (Aug 14)
- RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ofir Arkin (Aug 16)
- RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 17)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 17)
- RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ofir Arkin (Aug 17)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 13)