Jacob Winston wrote:
Things are getting a little confusing. ISS claims that its Proventia boxes are also firewallas.
No, I don't think that you're interpreting that right. They have a -M
series box ("multifunction") which are TRUE firewalls plus some IDS/IPS
stuff. They ALSO have the -F boxes (F = ???) which are PURE IPS boxes.
THey are definitely not claiming that the -F is a full firewall.
Intrushield 2.1 has firewall/layer 4 filtering capabilities now.
>If the Intrushield box layer 4 acls now then what makes it not be
equal to a firewall?
> What does a firewall do that an IPS doesn't as long as the IPS can do
layer-4
> access lists? Any info is apprecaited.
You probably haven't been involved in the great firewall debate, but a
L4 ACL is the lowest possible thing you can call a firewall, and most
firewall guys won't even call it that.
To get into the firewall sweepstakes, you have to start with stateful
packet inspection, not the weak crap you get for free in some freeware
firewalls, but something that watches sequence numbers and the *full*
TCP state machine, plus options, defragmentation, all that jazz. From
there, talk to folks like Secure Computing & CyberGuard---they want full
proxy capability. You've got logging issues, authentication questions,
VPN touch-down&filtering, plus now all the firewalls are moving up into
L7 control: anti-virus, maybe anti-spam, content filtering, etc.
An IPS might well have a nice L4 ACL in it, and there's definitely some
benefit to dropping out the junk at the IPS, no question. You can
always back-stop your firewall with an IPS ACL. But a real firewall,
from the point of view of the Netscreen & Check Point developers and
most enterprise buyers, goes way beyond what an IPS does.
Of course, you may not need all that. Your security policy dictates
your requirements. YMMV.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice) +1 520 324 0495 (FAX)
jms@Opus1.COM http://www.opus1.com/jms Opus One
--------------------------------------------------------------------------
FREE Network Security Webinar - How to implement IPSec security into VPN appliances
New threats and vulnerabilities require new high-performance IPSec VPN solutions for network protection.
Join the security experts from SafeNet on August 26 at 1:00 PM (Eastern), and learn how to successfully integrate IPSec security into VPN processors and appliances to provide powerful yet cost-effective VPN solutions for your customers.
Register now:
http://www.securityfocus.com/sponsor/SafeNet_focus-ids_040817
--------------------------------------------------------------------------
