I would be curious to hear what folks out there have to say about who the good Proxy Firewall vendors are right now? Who has the market share? The only commercial one I can readily name is Gauntlet.
KK knull --- "Georges J. JAHCHAN, P. Eng." <[EMAIL PROTECTED]> wrote: > Stateful packet inspection is nowhere near enough > protection, especially if > "holes" are poked through the firewall to allow > public access to services in > a DMZ. > > A stateful firewall will allow malicious packets to > make it to a vulnerable > server. It inspects the packets up to layer-4, > ignoring the "payload" which > extends to layer-7. To offer real world protection, > a stateful packet > inspection firewall needs to be supplemented by one > or more of the > following: > > 1) Network intrusion detection system. > 2) Server intrusion detection. > 3) Content checking proxy (html, email, etc...) > 4) Application-level firewall (such as SecureIIS for > MS IIS). > 5) Network anti-virus protection. > 6) Desktop anti-virus protection. > 7) Firewall at the desktop. > > George Jahchan > Technical Manager > Compucenter > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: "kk downing" <[EMAIL PROTECTED]> > Cc: "Enrique Martin" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]>; "Bill Royds" > <[EMAIL PROTECTED]> > Sent: Thursday, April 04, 2002 5:03 pm > Subject: RE: Migration from Gauntlet 5 to Firewall-1 > > > Proxy firewalls are slower than stateful inspection > and stateful > inspection is adequate for most uses. > It is not security that sells firewalls, but "cover > your *ss" for > liability. > Proxy firewalls are also less flexible since they > need to have a proxy for > each service, The new whiz-bang application using a > new proprietary > protocol is much more difficult to handle in a proxy > firewall than > stateful inspection. > Security is not what counts today in sales of > internet security > products. It is GUI, flexibility and market share. > Unfortunate, but true. > > Bill Royds > Acting System Administrator, > Canadian Heritage Information Network > (819) 994-1200 X 239 > > > > > > kk downing <[EMAIL PROTECTED]> > 04/04/02 09:34 AM > > > To: Bill Royds <[EMAIL PROTECTED]>, > Enrique Martin <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] > cc: > Subject: RE: Migration from Gauntlet > 5 to Firewall-1 > > > Why is a proxy firewall inherently more secure than > a > stateful inspection firewall. If this is true why is > the trend towards stateful inspection among leading > firewall vendors? I was under the impression that > most > shops were moving away from Gauntlet which it was my > understanding was pretty much a favorite of the > financial industry but not many others. > > --- Bill Royds <[EMAIL PROTECTED]> wrote: > > Gauntlet is a proxy firewall and FW-1 uses > stateful > > inspection so there are significant logical > > differences between one and the other. Because of > > this it probably not be a good idea to just > convert > > the rules. A proxy firewall is inherently more > > secure than a stateful inspection one. So a single > > rule on the Gauntlet may need several FW-1 rules > in > > a particular order to achieve the same effect. > > Blowing the order can invalidate the effect of the > > rules. > > I would recommend reviewing your security > policy > > with a good FW-1 expert and re-creating the FW-1 > > rule set from the beginning to ensure that it > still > > covers the same areas that your Gauntlet covered. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf > Of > > Enrique Martin > > Sent: Wed April 03 2002 05:04 > > To: [EMAIL PROTECTED] > > Subject: Migration from Gauntlet 5 to Firewall-1 > > > > > > Hi all, > > have do you do a migration of the policies from > > Gauntlet to Firewall-1 > > in diferents machines? > > I think that it doesn�t be too much difficult, but > I > > would like to have > > some advices from someone who has do it. Somebody > > could help me? > > > > Thanks in advanced. > > > > ------ > > Enrique > > -- > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://taxes.yahoo.com/ > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
