Some vendors utilize pattern recognition while others use packet
dis-assembly/re-assembly.  A good amount of large organizations get
introduced to a Desktop firewall through the use of a user purchasing a
personal firewall bringing it into work on their laptop.  It is hard to beta
some corporate IDS products since in most cases, organizations do not have a
clue on how to a IDS to ensure that is properly configured, (albeit, some
tuning may be necessary after in order to tweak an IDS for that particular
environment.)  Some admins do not have time to search, download and compile
the tools necessary to test an IDS.  Which leads to another topic: IDS
testing tools, how do you know your IDS is actually doing what the vendor
says it does?

/m

-----Original Message-----
From: Avi Fogel [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 10, 2001 7:58 PM
To: 'Mark Teicher'; 'Brian Ford'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Personal Firewalls in corporate settings...


As Mark points out I can definitely add (and I'm of course biased) that:

1. A new genre of "personal firewalls" is now shipping, from several
vendors, which IDC calls Distributed Host Firewalls  (for a detailed
technical review - see:

http://www.research.att.com/~smb/papers/distfw.html )

2. These typically provide the following:

a. very granular network access control rules
b. rules for inbound or outbound transmissions
c. stateful inspection of packets
d. pattern recognition based host IDS
e. central administration console with software / policy "push"
capabilities; log aggregation and analysis; provisioning of hundreds or
thousands of desktops and servers; ability for desktops to work in
"headless" mode and other features.

3. I can also add that very many large organizations are rolling out
enterprise-wide deployments of these as a COMPLEMENT (in all but very few
cases) to perimeter firewalling solutions.

Avi

Avi A. Fogel
Network-1 Security Solutions, Inc.





>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Teicher
>>> Sent: Friday, February 09, 2001 11:12 AM
>>> To: Brian Ford; [EMAIL PROTECTED]
>>> Cc: [EMAIL PROTECTED]
>>> Subject: RE: Personal Firewalls in corporate settings...
>>>
>>>
>>> There are some vendors that play in both the personal firewall/IDS market
>>> and corporate IDS market.  Some vendors even have solutions that address
>>> the points brought up in this mail thread.
>>>
>>> Some even have remote deployment ability that hides the application from the
>>> remote user but allows for enterprise management of rules, logs and
>>> security settings.
>>>
>>> /mark
>>>
>>> At 10:10 AM 2/9/01 -0500, Brian Ford wrote:
>>> >Mark (and List),
>>> >
>>> >Try to remember that you're reaching many people here on list who work
>>> >with enterprise firewall solutions.  As demonstrated by some of the
>>> >messaging, in that setting it initially seems odd that you'd deploy
>>> >personal firewalls.  A case can be made, but given the state of personal
>>> >firewalls, it might be less than supportable (right now, that could
>>> >change in moments).
>>> >
>>> >I'd ask everyone to think for a moment about how many corporations are
>>> >extending the desktop out into the world.  Many, many folks now have
>>> >laptops and docks rather than a traditional PC.  These same users have
>>> >access to the Internet, through which they can gain access to a corporate
>>> >intranet via a VPN.
>>> >
>>> >A personal firewall is suggested in many Internet connected environments,
>>> >especially the increasingly mobile, laptop oriented parts of the world.
>>> >
>>> >So, how does the fact that we have users with laptops who can take them
>>> >home and plug into a "not protected by corporate" Internet connection,
>>> >factor into this?  These are users and PCs that are mobile, moving inside
>>> >and outside the corporate firewall.
>>> >
>>> >Regards,
>>> >
>>> >Brian
>>> >
>>> >
>>> >>Date: Fri, 9 Feb 2001 13:13:51 -0000
>>> >>From: Mark Watts <[EMAIL PROTECTED]>
>>> >>Subject: RE: Personal Firewalls in corporate settings...
>>> >>
>>> >>Brenno,
>>> >>
>>> >>You're absolutely right - letting the user administer the firewall is just
>>> >>as bad as not having it.
>>> >>
>>> >>Several of the newer versions of these firewalls, Tiny for example, have
>>> >>the ability to suppress warning dialogs and also allow password protected
>>> >>remote administration.
>>> >>
>>> >>Maybe I should clarify my position,
>>> >>
>>> >>I'm researching a report on Personal Firewalls and their potential use in a
>>> >>corporate environment.
>>> >>This means that I'm testing many of the latest offerings.
>>> >>
>>> >>Some of them do appear to have very good centralised administration/rollout
>>> >>support.
>>> >>
>>> >>I'm not necessarily for or against them - just looking for balanced
>>> >>opinions.
>>> >>
>>> >>Cheers,
>>> >>
>>> >>Mark.
>>> >
>>> >-
>>> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
>>> >"unsubscribe firewalls" in the body of the message.]