Firewall Wizards mailing list archives

RE: Multiple firewalls from different manufacturers


From: MHawkins () TULLIB COM
Date: Fri, 28 Jan 2005 18:05:18 -0500

Yes but PLA's are reprogrammable. Sort of like EPROM or EEPROM. At least they
can be swapped out.

Imagine a PCI like "security" slot that is where you plug in your "secured
protocol module".

Sure, converting an RFC into something that works in a PLA would be tough.
But doable.

And actually IPSec is a great example where ASIC's have been developed to
handle the algorithms along with parts of the layer 3 implementation.

Of course, you would want to ensure that you could upload new code to the
PLA's (or swap them out) - in a secure manner.

Imagine if I could put a card into my PC that matched virus signatures
instead of using all those CPU cycles having it done in software.

MH

-----Original Message-----
From: Paul D. Robertson [mailto:paul () compuwar net]
Sent: Friday, January 28, 2005 5:29 PM
To: Hawkins, Michael
Cc: BehmJL () bvsg com; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Multiple firewalls from different manufacturers


On Fri, 28 Jan 2005 MHawkins () TULLIB COM wrote:

> Interesting, it just occurs to me that you could implement RFC's in
> programmable logic arrays.

You might want to read an RFC or two before going any further with that
proposal...  FTP anyone?

> Then your firewall would be much less hackable. Indeed, you would have a
> very strong security story if you could point to an appliance that had
> anything above layer 3 deployed in programmable logic arrays.

Hardwired bugs are no fun.  Being useless because you can't work around
other's bugs is no fun (for instance the PIX SMTP fixup fix on my Postfix
implementation gets triggered quite often.)

> I think the end point of that would be RFC on ASIC's.

Hmmmmmm...

Take the IPSec standard, give it to two teams, and have them implement it.
Now, make the two products interoperate.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."