I was wondering where to put filtering routers myself. In general, the idea is to
place various firewall products in a feature space so one can compare apples with
apples. So many product reviews try to compare stateful inspection firewalls with
application proxy ones, then evaluate them on GUI features and not on security.
One needs to know what the application needs then match that with product features.
Buzzwords are only useful if they characterise an area on feature space that one can
match with needs.
I have seen cries of woe on the Raptor mailing list because somebody's boss says to
replace Raptor with FW-1 because "everybody else uses it". Popularity does not equal
security.
I am presently fighting managers who want to replace Lotus Notes with MS Exchange
because "Notes doesn't support all those pretty JavaScript apps that exchange does".
-----Original Message-----
From: Bernd Eckenfels [mailto:[EMAIL PROTECTED]] On Behalf Of Bernd Eckenfels
Sent: Wednesday, January 24, 2001 03:15
To: Bill Royds
Cc: Ron DuFresne; Rohit Gupta; firewall list
Subject: Re: stateful inspection
On Tue, Jan 23, 2001 at 11:05:41PM -0500, Bill Royds wrote:
> Stateful Inspection watches the stream including some protocol monitoring and
> matching outgoing and incoming packets. But it doesn't re-create the stream like a
> full proxy does to allow full syntax checking. It does a bit more than just maintain
> TCP state or match ports and IP IDs like a simple stateful filter (versus a stateless
> filter that does not match packets to a conversation).
>
> There is a kind of hierarchy of firewalls:
> NATting router - Modifies destination addresses for private networking
> Stateless Packet filter - Checks ports and flags on a packet by packet basis
> Stateful Packet filter - Matches packets by sockets (in to out)
> Stateful Inspection - Watches the contents as well (doesn't change flags etc.)
> Application Proxy - Recreates contents of incoming to outgoing with 2 streams
Actually NAT routers are normally between Stateful Filters and Stateful
Inspection, since they keep (session) state and inspect session content (for
FTP, IRC DCC, Netmeeting, ...).
BTW: not many stateful filters will track IP IDs. Some, especially if they
offer NAT and PAT, will track IP fragments and reassemble them.
Greetings
Bernd
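As an added illustration of the middle rungs of Bill's hierarchy and of the FTP content inspection Bernd mentions (example code written for this page, not from either author or any product): a toy packet-filter model where a stateless filter judges each packet alone, a stateful filter matches inbound packets to sessions opened from inside, and stateful inspection also reads an FTP PORT command to admit the server's data connection. The addresses, ports and the traffic sequence are constructed.

```python
from collections import namedtuple

INSIDE = "10.0.0."   # constructed: prefix of the protected (inside) network
Packet = namedtuple("Packet", "src sport dst dport flags payload", defaults=(b"",))

def inbound(p):
    return not p.src.startswith(INSIDE)

class StatelessFilter:
    """Packet by packet: ports and flags only, no memory of any conversation."""
    def allow(self, p):
        if not inbound(p):
            return True
        # the usual stateless 'established' rule: ACK set is taken as reply traffic
        return "ACK" in p.flags

class StatefulFilter:
    """Matches inbound packets to a socket pair an inside host opened (in to out)."""
    def __init__(self):
        self.sessions = set()   # (inside ip, inside port, outside ip, outside port)
    def allow(self, p):
        if not inbound(p):
            if p.flags == {"SYN"}:
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

class StatefulInspection(StatefulFilter):
    """Also reads session content: an FTP PORT command on the control channel
    opens a pinhole for the server's inbound data connection from port 20."""
    def allow(self, p):
        ok = super().allow(p)
        if ok and not inbound(p) and p.dport == 21 and p.payload.startswith(b"PORT "):
            h1, h2, h3, h4, p1, p2 = p.payload[5:].strip().split(b",")
            client_ip = ".".join(x.decode() for x in (h1, h2, h3, h4))
            self.sessions.add((client_ip, int(p1) * 256 + int(p2), p.dst, 20))
        return ok

def verdicts(fw, packets):
    return [fw.allow(p) for p in packets]   # True = passed, False = dropped

# Constructed traffic: web session, unsolicited inbound ACK, active-mode FTP session
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.7", 80, {"SYN"}),
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, {"SYN", "ACK"}),
    Packet("198.51.100.9", 33333, "10.0.0.5", 22, {"ACK"}),
    Packet("10.0.0.5", 40001, "203.0.113.7", 21, {"SYN"}),
    Packet("10.0.0.5", 40001, "203.0.113.7", 21, {"ACK"}, b"PORT 10,0,0,5,156,100\r\n"),
    Packet("203.0.113.7", 20, "10.0.0.5", 40036, {"SYN"}),
]
```

Run verdicts() with each class over SAMPLE: the stateless filter passes the unsolicited ACK that the stateful ones drop, and only the inspecting filter admits the FTP data connection it saw announced.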