Firewall Wizards mailing list archives

Re: Evolution of Firewalls

From: Chunduru Rama Krishna Prasad <rkp () intotoinc com>
Date: Tue, 09 Mar 2004 09:38:39 +0530

Hi Kang,

Application proxy firewalls run based on the applications. Example newapplication comes in market again you have to write new application proxy .


    Stateful packet inspection firewall is better than proxy firewalls.

Other things which you may would like to consider are:
1. Common attack detection and prevention.
2. ALG Support (There are some applications that don't work
without ALG support such as H.323, FTP, RTSP, SQL*NET,
based on your requirement DNS for twice NAT)
3. Performance.
4. Flexible user interface. 5. Type of NAT support.

6.Do vulnerability scanning for the firewall.Search in the internet forutilities like nessus etc.,

Analyze your security requirements and make sure that firewall satisfiesyour needs.


Regards,
RKP


At 11:56 PM 3/4/2004 +0800, skpoo () pacific net sg wrote:

Hi, I am currently evaluating several types of firewalls for the company.
Our team is currently debating if Stateful Deep Inspection firewall isgoing be the new technology to replace the Application Proxies firewallwhich deem to be most secure currently.
I personally feel that Deep Inspection firewall is less reliable as weknow that it only blocks what is known to be bad. This seems to be lesseffective and become an never-ending arm race where Deep Inspectioinfirewall requires the most updated bad list all the time.
On the other hand, Application Proxies firewall only allows what is knownto be good. This makes the defence become more effective as we know goodthings do not change as frequently as bad things.
Any input would be very much appreciated.

Kang


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Evolution of Firewalls, (continued)
- - - Re: Evolution of Firewalls Dave Piscitello (Mar 09)
    - Re: Evolution of Firewalls Frederick M Avolio (Mar 09)
    - Re: Evolution of Firewalls Christian Kreibich (Mar 11)
    - Re: Evolution of Firewalls ArkanoiD (Mar 09)
    - Re: Evolution of Firewalls Patrick M. Hausen (Mar 11)
    - Re: Evolution of Firewalls Mikael Olsson (Mar 11)
    - Message not available
    - Re: Evolution of Firewalls ArkanoiD (Mar 11)
    - vpn end-point Shimon Silberschlag (Mar 18)
    - Re: Evolution of Firewalls Marcus J. Ranum (Mar 09)
  - Re: Evolution of Firewalls Chris Blask (Mar 09)
- Re: Evolution of Firewalls Chunduru Rama Krishna Prasad (Mar 09)
  - Re: Evolution of Firewalls Devdas Bhagat (Mar 11)
  - Re: Evolution of Firewalls Marcus J. Ranum (Mar 12)
    - Re: Evolution of Firewalls ArkanoiD (Mar 18)
    - Re: Evolution of Firewalls Marcus J. Ranum (Mar 18)
- RE: Evolution of Firewalls Melson, Paul (Mar 09)