I find it interesting that many people still consider Checkpoint to be a "classic" packet filter. Proxy capability for common services was built into Checkpoint 2 major releases ago. Checkpoint refers to their proxies as "security servers." Pattern matching can be configured in the Checkpoint security servers to drop or reject bad packets and kill connections just as easily as (insert favorite n-ids here) can be configured to detect them. In my eyes this is going a long way towards intrusion prevention.

Anomaly detection is a different story, but is anyone really delivering on that yet? The Application Intelligence engine built into Checkpoint NG FP4 promises smarter App layer analysis but I have not yet gotten my hands on it to test.

At any rate, I have not yet found anything that pure proxy firewalls such as SideWinder can do that a properly configured Checkpoint can't, unless you need to proxy something other than web services.

Ryan Thomas
CCSA/E/I, CISSP
This archive was generated by hypermail 2b30 : Tue Jun 24 2003 - 18:17:28 PDT