Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Firewall best practices

From: david () lang hm
Date: Fri, 23 Apr 2010 12:18:46 -0700 (PDT)
On Fri, 23 Apr 2010, Martin Barry wrote:


$quoted_author = "Marcus J. Ranum" ;


That's why firewalls need to go back to doing what they
originally did, and parsing/analyzying the traffic that
flows through them, rather than "stateful packet
inspection" (which, as far as I can tell, means that
there's a state-table entry saying "I saw SYN!")


Marcus, are you referring to DPI or proxies or both or something else
entirely?



If the firewall doesn't understand the data it's passing,
it's not a firewall, it's a hub.


If an application emulates HTTPS traffic and is proxy aware, how do you tell
the difference?
There are firewalls on the market that can decrypt HTTPS traffic (and I believe be configured to block any traffic that they can't decrypt) 

David Lang
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: