Fred Avolio's Weblog
musings on security and other topics

Thu, 02 Sep 2004
Arrrrrg.

“Firewall vendors such as Check Point Software Technologies and Juniper Netscreen are touting new application-layer filtering capabilities, and these are important advances.”

This was in an InfoWorld analysis by Roger A. Grimes, titled “Security landscape shifts as technologies combine.” The analysis may be terrific. I cannot get past this statement. The advances were new in 1992. Not today. And we continue to forget our history.

Tim Kramer commented:
“This is a facet of the recurring argument: Layer 7 vs. Layer 3/4. Now they’ve added pseudo Layer 7 inspection to Layer 3/4 devices and they’re calling it ‘better’. The improvement is a few milliseconds in speed; the tradeoff is security, as Layer 7 proxies are still better at limiting/logging content passed through a firewall.”
Thanks, Tim. I agree, of course.
