Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Application Layer Firewal? There is such a thing?

from [Brandon Shoemaker] Network Security [Permanent Link]
Subject: RE: Application Layer Firewal? There is such a thing?
Date: Fri, 27 Oct 2006 13:49:58 -0700 
We're watching this market.
 
Here is a collection of links I've accumulated.
 
Brandon Shoemaker
Security Analyst
VEGAS.com
_________________________
 
http://www.networkworld.com/news/2005/120505-firewalls.html
 
http://www.webappsec.org/projects/wafec/
 
http://www.bluecoat.com/solutions/security/reverseproxy.html
 
http://www.isaserver.org/articles/What-is-ISA-2006-Firewall.html
 
http://www.f5.com/products/TrafficShield/
 
http://www.citrix.com/English/ps2/products/product.asp?contentID=25636
 
http://www.netcontinuum.com/products/productLines/index.cfm
 
http://www.imperva.com/products/securesphere/web_application_firewall.ht
ml
 
http://www.protegrity.com/defiancetms.html
 
http://www.checkpoint.com/products/web_intelligence/index.html
 

________________________________

From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Joe Kim
Sent: Friday, October 27, 2006 1:04 PM
To: Ivan .
Cc: Mario A. Spinthiras; firewalls@securityfocus.com
Subject: Re: Application Layer Firewal? There is such a thing?


Now If i may add some more 'fun' to this thread. One reason why cisco
didn't compete in this bake off 'could' of been because their firewall
performance decreases significantly when major FW functionalities are
turned on for example NAT or even passing small packets. Or they are big
enough that they really could careless about small bake offs such as
these. They'd much rather play the corporate political card and strong
arm than winning technicaly in my experience... 
 
 Anyone wonder why cisco never publishs #'s for their fw / asa/isr w/
small packets or mixed packet size? 
 
Also most 'independent' testers such as tolly or other groups are
paid/for hire. 

And yes i also used to work w/ multi vendor fw's everyday 
 
 
On 10/27/06, Joe Kim <joekim13@gmail.com> wrote: 

        This is more fun than i thought. This FW bake off is from
2005!!! and yes i know the PIX is replaced by the ASA and yes i was
talking about market share or according to Gartners magic quadrant for
fw's. 
        
         
        Joe 
        
         
        
        On 10/26/06, Ivan . <ivanhec@gmail.com> wrote: 

                top 3 includes Cisco? Cisco didn't even submit the Pix
for this
                bakeoff??? They may be in the top 3 for market share,
but I doubt they 
                are even close when it comes to technology
                
                Deep Inspection Firewalls
        
http://www.networkcomputing.com/showArticle.jhtml?articleID=160910889&pg
no=1 
                
                cheers
                Ivan
                
                On 10/27/06, Joe Kim < joekim13@gmail.com
<mailto:joekim13@gmail.com> > wrote:
                > actually genous, a layer 3 firewall is simply a packet
filter such as a
                > router that is not state aware. Most firewalls these
days will do some level 
                > layer 3~7 inspection. Such as keeping state and
performing RFC, application 
                > specfic inspection.
                >
                > The top 3 firewalls in the market Juniper Netscreen,
Checkpoints, Cisco all
                > do more than layer 3 inspection. 
                >
                > Joe
                >
                > On 10/24/06, Mario A. Spinthiras <
mario@netway.com.cy> wrote:
                > > Ivan . wrote:
                > > > There are more App based firewalls around, like 
                > > >
                > > > http://www.netcontinuum.com/
                > > >
                > > > cheers 
                > > > Ivan
                > > >
                > > > On 19 Oct 2006 21:21:59 -0000, joekim13@gmail.com
< joekim13@gmail.com>
                > > > wrote:
                > > >> do you need layer 7 inspection or layer 7 proxy? 
                > > >>
                > > >> For proxy fw's sidewinder ( dont' really prefer
to use them) or
                > > >> Symantec Gateway Security applicances ( symantec
announced they are
                > > >> discontinuing). 
                > > >>
                > > >> As for fw's i'd recommend a Netscreen fw as they
can have IPS/IDP
                > > >> blades in combination with a stateful inspection
firewall. Check out
                > > >> the ISG line. 
                > > >>
                > > >> Another decent layer 7 inspection fw is
checkpoint. but costly and
                > > >> limited # of layer 7 inspection.
                > > >>
                > > >> Joe
                > > >> 
                > > >
                > > >
                > > Layer 7 proxy ? What does that do deny you from
entering input in a CLI
                > > or clicking on a "cancel/apply/ok" button in a GUI ?
A firewall is based
                > > on performing filtering tasks on a layer 3 protocol!
                > >
                > > I haven't really heard of such a firewall but heck
ive seen stuff in our
                > > line of business that you dont see on any city's
Saturday night. 
                > >
                > > Firewall = application
                > >
                > > Its filtering process = Layer 3 (IP)
                > >
                > >
                > > EOF
                > >
                > >
                > > Have a nice day,
                > > Mario A. Spinthiras 
                > >
                > >
                > > P.S id enjoy more challenging topics with regards to
firewalls. Thank you.
                > >
                >
                >
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Application Layer Firewal? There is such a thing?, Joe Kim
Next by Date:  Re: Application Layer Firewal? There is such a thing?, Mario A. Spinthiras
Previous by Thread:  Re: Application Layer Firewal? There is such a thing?, Joe Kim
Next by Thread:  Re: Application Layer Firewal? There is such a thing?, Mario A. Spinthiras
Indexes:  [Date] [Thread] [Top] [All Lists]