Firewall Wizards mailing list archives

Re: Firewall Primitives

From: Chris Calabrese <chris_calabrese () yahoo com>
Date: Tue, 5 Nov 2002 12:07:13 -0800 (PST)

Hey Crispin,

I know you were at least half kidding from your :-), but I had to rebut
anyway...

Certainly there are examples of firewalls that are little more than a
multi-layer, multi-protocol switch with some basic access control
rules. And lots of special purpose firewalls or "lite" firewalls for
SOHO use still look like this (my home firewall looks like this, plus
some support for NATing IPsec and a bult-in wireless access point, but
it does exactly what I needed it to and only cost about $200 - and
don't bother flaming about the wireless bit either).

On the other hand, trying to market something like that today probably
wouldn't fly in the enterprise firewall market. There the definition of
"firewall" has already expanded to cover stateful rules for handling
tortured protocols like RealAudio, VPN support, rudimentary intrusion
alerting, and hooks for web content filters, spam filters, virus
filters, etc.

I expect that the future of enterprise firewalls holds more advanced
intrusion detection/prevention capabilities (Sidewinder, Netscreen, and
the CrunchBox are leaders here), more integrated web content filters,
spam filters, and malware filters (Symantec comes to mind on this one),
and maybe even some basic honeypot capabilities for evidence gathering
(something Marcus and I discussed a couple of weeks ago at SANS Network
Security).

So... Yes, some firewalls are simplistic. And yes, some marketing guys
try to cover things up.

But no, that doesn't mean that all firewalls are simplistic, that all
marketing people try to cover things up, or that people would buy such
a thing today.

And yes, I'm avoiding the urge to end with a witicism about one or more
of these truisms...

__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Firewall Primitives, (continued)
- - - Re: Firewall Primitives Marcus J. Ranum (Nov 06)
    - Re: Firewall Primitives Devdas Bhagat (Nov 07)
    - Re: Firewall Primitives Adam Shostack (Nov 09)
    - BS claims (was Re: Firewall Primitives) Marcus J. Ranum (Nov 09)
    - Re: Firewall Primitives Mikael Olsson (Nov 09)
    - Re: Firewall Primitives Marcus J. Ranum (Nov 09)
    - Re: Firewall Primitives Christopher Hicks (Nov 10)
    - Re: Firewall Primitives Predrag Zivic (Nov 10)
    - Re: Firewall Primitives Stephen P. Berry (Nov 11)
    - Re: Firewall Primitives Cat Okita (Nov 11)
- Re: Firewall Primitives Chris Calabrese (Nov 05)
- Re: Firewall Primitives Alex Goldney (Nov 06)
- Re: Firewall Primitives Marcus J. Ranum (Nov 11)
  - Re: Firewall Primitives Paul Robertson (Nov 11)
  - Re: Firewall Primitives Stephen P. Berry (Nov 11)