Re: CRIME IDS is dead says Gartner

From: Ryan Thomas (babsabbis@private)
Date: Tue Jun 24 2003 - 17:53:40 PDT

    I find it interesting that many people still consider
    Checkpoint to be a "classic" packet filter.  Proxy
    capability for common services was built into
    Checkpoint 2 major releases ago.  Checkpoint refers to
    their proxies as "security servers."  Pattern matching
    can be configured in the Checkpoint security servers
    to drop or reject bad packets and kill connections
    just as easily as (insert favorite n-ids here) can be
    configured to detect them.  In my eyes this is going a
    long way towards intrusion prevention.  Anomaly
    detection is a different story, but is anyone really
    delivering on that yet?  The Application Intelligence
    engine built into Checkpoint NG FP4 promises smarter
    App layer analysis but I have not yet gotten my hands
    on it to test.  At any rate, I have not yet found
    anything that pure proxy firewalls such as SideWinder
    can do that a properly configured Checkpoint can't,
    unless you need to proxy something other than web
    services.
    
    Ryan Thomas
    CCSA/E/I, CISSP
    



    This archive was generated by hypermail 2b30 : Tue Jun 24 2003 - 18:17:28 PDT