MJR wrote:

>Proxies are _only_ valuable if they do extended state tracking and
>error checking. Very few proxies actually _do_ that kind of extended
>tracking and checking.

Amen - particularly regarding subtle error checking.

Some time ago I seem to recall that Peter Cox of Borderware
mentioned to me that they may have had thrusts into enhancing their
product extensions in this regard - but my memory could well be
inaccurate here.

>we could have
>added not just attack defeating through good design, but specific
>detection of _known_ attacks. I.e.: let's say a web proxy defeats a
>WWW buffer overrun - identify the specific attack in the process of
>blocking it: now you've implemented what amounts to proactive
>intrusion detection and diagnosis.
>That's a really useful model;

Concur. With only one audit trail to correlate and learn from that
tells you how your _system_ handled it.

mjr makes the point about detection of known attacks, and I agree.
What I'm not sure about is the extent to which we have made
proactive use of extended error checking to dynamically profile
_things_we_may_not_have_seen_before.

Comments?

pz
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Oct 19 2001