As Mark points out I can defintely add (and I'm off-course biased) that:
1. A new genre of "personal firewalls" is now shipping, from several
vendors, which IDC calls Distributed Host Firewalls (for a detailed
technical review - see:
http://www.research.att.com/~smb/papers/distfw.html )
2. These typically provide the following:
a. very granular network access control rules
b. rules for inbound or outbound transmissions
c. stateful inspection of packets
d. pattern recognition based host IDS
e. central administration console with software / policy "push"
capabilities; log aggregation and analysis; provisioning of hundreds or
thousands of desktops and servers; ability for desktops to work in
"headless" mode and other features.
3. I can also add that very many large organizations are rolling out
enterprise-wide deployments of these as a COMPLEMENT (in all but very few
cases) to perimeter firewalling solutions.
Avi
Avi A. Fogel
Network-1 Security Solutions, Inc.
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Teicher
>>> Sent: Friday, February 09, 2001 11:12 AM
>>> To: Brian Ford; [EMAIL PROTECTED]
>>> Cc: [EMAIL PROTECTED]
>>> Subject: RE: Personal Firewalls in corporate settings...
>>>
>>>
>>> There are some vendors that play in both the personal
>>> firewall/IDS market
>>> and corporate IDS market. Some vendors even have solutions
>>> that address
>>> the points brought up in this mail thread.
>>>
>>> Some even have remote deployment ability that hide the
>>> application from the
>>> remote user but allows for enterprise management of rules, logs and
>>> security settings.
>>>
>>> /mark
>>>
>>> At 10:10 AM 2/9/01 -0500, Brian Ford wrote:
>>> >Mark (and List),
>>> >
>>> >Try to remember that you're reaching many people here on
>>> list who work
>>> >with enterprise firewall solutions. As demonstrated by
>>> some of the
>>> >messaging, in that setting it initially seems odd that
>>> you'd deploy
>>> >personal firewalls. A case can be made, but given the
>>> state of personal
>>> >firewalls, it might be less than supportable (right now,
>>> that could
>>> >changes in moments).
>>> >
>>> >I'd ask everyone to think for a moment about how many
>>> corporations are
>>> >extending the desktop out into the world. Many, many
>>> folks now have
>>> >laptops and docks rather than a traditional PC. These
>>> same users have
>>> >access to the Internet, through which they can gain access
>>> to a corporate
>>> >intranet via a VPN.
>>> >
>>> >A personal firewall is suggested in many Internet
>>> connected environments,
>>> >especially the increasingly mobile, laptop oriented parts
>>> of the world.
>>> >
>>> >So, how does the fact that we have users with laptops who
>>> can take them
>>> >home and plug into a "not protected by corporate" Internet
>>> connection,
>>> >factor into this? These are users and PCs that are
>>> mobile, moving inside
>>> >and outside the corporate firewall.
>>> >
>>> >Regards,
>>> >
>>> >Brian
>>> >
>>> >
>>> >>Date: Fri, 9 Feb 2001 13:13:51 -0000
>>> >>From: Mark Watts <[EMAIL PROTECTED]>
>>> >>Subject: RE: Personal Firewalls in corporate settings...
>>> >>
>>> >>Brenno,
>>> >>
>>> >>You're absolutely right - letting the user administer the
>>> firewall is just
>>> >>as bad as not having it.
>>> >>
>>> >>Several of the newer versions of these firewalls, Tiny
>>> for example, have
>>> >>the ability to supress warning dialogs and also allow
>>> password protected
>>> >>remote administration.
>>> >>
>>> >>
>>> >>
>>> >>Maybe I should clarify my position,
>>> >>
>>> >>I'm researching a report on Personal Firewalls and their
>>> potential use in a
>>> >>corporate environment.
>>> >>This means that I'm testing many of the latest offerings.
>>> >>
>>> >>Some of them do appear to have very good centralised
>>> administration/rollout
>>> >>support.
>>> >>
>>> >>I'm not necessarially for or against them - just looking
>>> for balanced
>>> >>opinions.
>>> >>
>>> >>Cheers,
>>> >>
>>> >>Mark.
>>> >
>>> >-
>>> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
>>> >"unsubscribe firewalls" in the body of the message.]
>>>
>>> -
>>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>>> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
