>Where can I get information on 'Stateful inspection firewall'
>technology.

Try something like:

http://www.altavista.com/cgi-bin/query?pg=aq&text=yes&kl=XX&r=&act=search&q=stateful+inspection&d0=&d1=

which yields much dross and;

http://www.ukiahsoft.com/securitywp.html


>How is it comparable with Proxy firewall w.r.t security and hacker
>attacks?
It should be faster than proxy. (Once a session is established, there is
less work to do at the FW)
It is simpler than proxy. (A set of rules and a state table compared to an
emulation)
It is easier to support obscure applications than proxy. (Create rules
rather than code an emulation module)

wrt security it doesn't help so much with back doors in applications - the
outside can still talk /directly/ to a machine in the secure zone (though
often translated) - the machine will behave differently to the proxy in some
situations - weaknesses in the end machine might be less easily managed than
any such weaknesses in the proxy (patches or rules could be applied at the
proxy whereas the machine might not (for various reasons) be so manageable).

Is that general enough? (No - there are other issues..)

There are many examples of bugs in applications that compromise security -
most of which have been eradicated for new unix installations but may still
be present in some of the 20 year old machines that nobody has the time to
fix or replace. The same bugs could of course appear in some new
installations.....

Quinn Fissler

**
These are my personal opinions and as such are in no way attributable to my
employer.
**
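
An added illustration, not part of the original message: a minimal Python sketch of the "set of rules and a state table" model described in the reply above. The class names, rule list and addresses (documentation ranges) are constructed for the example. It shows that only a session-opening packet walks the rule list, later packets need one table lookup, and the payload is never parsed on its way to the inside machine.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for a session-opening TCP SYN
    payload: bytes = b""   # carried through untouched; never inspected below

@dataclass
class StatefulFilter:
    rules: list                               # (dst, dport) pairs that may accept new sessions
    state: set = field(default_factory=set)   # established sessions, keyed by 4-tuple
    rule_checks: int = 0                      # rule comparisons performed so far

    def check(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # Fast path: one lookup covers both directions of a known session.
        if key in self.state or reverse in self.state:
            return "pass"
        # A packet that is neither part of a session nor opening one is dropped.
        if not p.syn:
            return "drop"
        # Slow path: walk the ordered rule list once per new session.
        for dst, dport in self.rules:
            self.rule_checks += 1
            if (p.dst, p.dport) == (dst, dport):
                self.state.add(key)
                return "pass"
        return "drop"

def demo():
    # Constructed sample traffic: an outside client and a published inside mail host.
    fw = StatefulFilter(rules=[("192.0.2.10", 80), ("192.0.2.25", 25)])
    client, server = ("198.51.100.7", 40000), ("192.0.2.25", 25)
    results = [
        fw.check(Packet(*client, *server, syn=True)),             # new session: rules walked
        fw.check(Packet(*server, *client)),                       # reply: state table hit
        fw.check(Packet(*client, *server, payload=b"app data")),  # data reaches host unparsed
        fw.check(Packet("198.51.100.7", 40001, "192.0.2.25", 23, syn=True)),  # no rule
        fw.check(Packet("198.51.100.9", 5000, "192.0.2.25", 25)), # no state, not a SYN
    ]
    return results, fw.rule_checks

if __name__ == "__main__":
    print(demo())
```

A proxy would terminate the client connection and re-issue the request itself, so it could reject malformed application commands; this filter decides on addresses, ports and session state only.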