Home page logo

basics logo Security Basics mailing list archives

Firewalls- Deep Packet Inspection (L7)
From: cybersecure4561 () gmail com
Date: Fri, 1 Apr 2011 19:52:32 -0600

I'm posting to the forum to ask the opinion of senior FW experts on which firewalls truly perform DPI. I've done some 
research & it appears that their is no industry standard that identifies what DPI is or does. 

Those with FW experience on CP, Cisco, Juniper products, which are fw that do DPI of the payload? I ask this question 
because Cisco IOS CBAC/Inspect or Zone Based rules do use signatures but do not update packet signatures. Cisco relies 
on the edition of IPS packet inspection (updates by SmartNet contract)to achieve the claim of performing DPI. IPS/IDS 
do have their place in the infrastructure but they are not FW's. Enterprise security people would not say forget the FW 
let's use an IDS/IPS instead.

Do check point & Juniper also rely on an IPS as an integral part of DPI or is this function & process carried out only 
by the FW. I know that CP has bundled an IPS into their suite but their IPS is renowned for false positives. It's my 
humble opinion that in the high end firewalls Check Point & Juniper really do DPI(L7).

Are their any independent organizations/labs that have tested vendor claims & performance of firewalls that do DPI? 

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]