Firewall Wizards mailing list archives
RE: Multiple firewalls from different manufactureres
From: MHawkins () TULLIB COM
Date: Fri, 28 Jan 2005 18:05:18 -0500
Yes but PLA's are reprogrammable. Sort of like EPROM or EEPROM. Atleast they can be swapped out. Imagine a PCI like "security" slot that is where you plug in your "secured protocol module". Sure, converting an RFC into something that works in a PLA would be tough. But doable. And actually IPSec is a great example where ASIC's have been developed to handle the algorithms along with parts of the layer 3 implementation. Ofcourse, you would want to ensure that you could upload new code to the PLA's (or swap them out) - in a secure manner. Imagine if I could put a card into my pc that matched virus signatures instead of using all those CPU cycles having it done in software. MH -----Original Message----- From: Paul D. Robertson [mailto:paul () compuwar net] Sent: Friday, January 28, 2005 5:29 PM To: Hawkins, Michael Cc: BehmJL () bvsg com; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Multiple firewalls from different manufactureres On Fri, 28 Jan 2005 MHawkins () TULLIB COM wrote:
Interesting, it just occurs to me that you could implement RFC's in programmable logic arrays.
You might want to read an RFC or two before going any further with that proposal... FTP anyone?
Then your firewall would be much less hackable. Indeed, you would have a very strong security story if you could point to an appliance that had anything above layer 3 deployed in programmable logic arrays.
Hardwired bugs are no fun. Being useless because you can't work around other's bugs is no fun (for instance the PIX SMTP fixup fix on my Postfix implementation gets triggered quite often.)
I think the end point of that would be RFC on ASIC's. Hmmmmmm...
Take the IPSec standard, give it to two teams, and have them implement it. Now, make the two products interoperate. Paul ---------------------------------------------------------------------------- - Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." "Disclaimer: This electronic mail is intended only for the use of the addressee(s)named herein. Unless otherwise specifically stated, the views contained and expressed in this electronic mail are strictly those of the individual sender and are not the views of the Company or any of its Directors or other employees. If you are not the intended recipient of this electronic mail, you are hereby notified that any dissemination, distribution or coping of this electronic mail is strictly prohibited. If you received this electronic mail in error please immediately notify us by return electronic mail and delete this electronic mail from your system." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Multiple firewalls from different manufactureres, (continued)
- Re: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)
- Re: Multiple firewalls from different manufactureres Keith A. Glass (Jan 28)
- Re: Multiple firewalls from different manufactureres Joseph S D Yao (Jan 28)
- RE: Multiple firewalls from different manufactureres Hurst, Dave (Jan 28)
- RE: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)
- RE: Multiple firewalls from different manufactureres Behm, Jeffrey L. (Jan 28)
- Re: Multiple firewalls from different manufactureres Keith A. Glass (Jan 28)
- RE: Multiple firewalls from different manufactureres MHawkins (Jan 28)
- RE: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)
- Message not available
- RE: Multiple firewalls from different manufactureres Marcus J. Ranum (Jan 29)
- RE: Multiple firewalls from different manufactureres MHawkins (Jan 28)
- RE: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)
- Re: Multiple firewalls from different manufactureres Joseph S D Yao (Jan 29)
- RE: Multiple firewalls from different manufactureres Hurst, Dave (Jan 28)
- RE: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)
- RE: Multiple firewalls from different manufactureres R. DuFresne (Jan 29)
- RE: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 29)
- RE: Multiple firewalls from different manufactureres Paul D. Robertson (Jan 28)