Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: IPS vs. Firewalls (why vs. ?)
From: Gabriele Buratti <gabriele.buratti () netasq com>
Date: Sun, 05 Feb 2006 06:34:56 +0100

Dave Piscitello wrote:
> If you take issue with this, consider
> that some companies who bash proxies as being performance inhibitors
> bolt SSL VPNs onto their firewalls.

Yep ! You still need proxies to do this SSL stuff as long as to hook an antivirus for example. Remember the old networking rule "switch when you can, route when you must" ? In this field could be read as "analize on-the-fly when you can, rewrite with a proxy when you must". This is something more than "cutting the corners" this is using the best tool available for each job.

> Marcus J. Ranum wrote:
> The fundamental issue always boils down to whether your product
> inherently implements default permit or default deny; what it
> does with the stuff that it will, inevitably, encounter that is
> outside of its knowledgebase.

You have to use both approaches here: let's say our knowledgebase is the definition of http protocol as it should be. So, if you find malformed http (=non compliant) you drop it. What if you find some instant messaging traffic (you don't want in your network) that is http compliant ?


Attachment: gabriele.buratti.vcf

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]