I'd like to ask for a quick bit of insight. In recent
discussions with windows networking engineers, we were comparing the
merits of MS ISA proxy vs. IPS, or new security solutions like Web
Application firewalls.
I'd like to know how technical networking security
professionals would compare MS ISA / proxy firewall, with the
capabilities of an IPS, versus a web application firewall solution
(Kavado / Sanctum / Teros / NetContinuum). If we wanted to go a level
deeper, we could throw a MS ISA firewall with ISS Server sensor into the
mix.
At stake is a web application, operating in a secure subnet
/ dmz. If the objective to the "protect" all the servers in the secure
subnet, which device would be adequate, and which may be inadequate for
providing protection from internet attack against servers in the "secure
subnet"?
Does anyone have any quantitative experience comparing Web
Application Firewalls with IPS?
In my humble opinion, all of these solutions are variations
of a proxy solution. In my partially informed mind, the real question
is what application or protocol (PAM) intelligence is applied on top of
the proxy. One resource made the analogy that IPS is "a mile wide, and
a foot deep", and web app firewall is "a foot wide, and a mile deep".
In this discussion, ISA is a general proxy with MS networking
intelligence, and would therefore be shallower in terms of overall "deep
packet inspection" capabilities.
Could anyone knowledgeable in these areas, expand my
enlightenment, please?
dan widger
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
