-----Original Message-----
Subject: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
> I'm not talking about enforcing HTTP. I'm talking about enforcing application data. I know
> of a firewall vendor actively developing an Active Directory proxy enforcing which side of
> the proxy is allowed which methods and objects on the other side of the proxy.
I immediately trained in on 'actively developing.' Which means that 5 years
after AD became widely used, there's still not a good proxy for it yet. It
shouldn't be rocket science since it's Kerberos, LDAP, NetBIOS, RPC, and
COM. It also shouldn't have to come from a third-party vendor. But I
digress.
> Mechanism is nothing without policy. And firewalls are mechanism.
Right, but policy is equally useless without mechanisms capable of enforcing
it. And while there are vendors out there that write security proxies for
specific applications and protocols, the products that are out there still
only support a tiny fraction of the protocols present on the average
corporate network.
Not to discount the power of application proxies, but they're far from a
single solution.
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jan 19 2006