NFR Wizards Archive: RE: Reactive Firewalls

RE: Reactive Firewalls


Stout, William (StoutWpios.com)
Tue, 10 Feb 1998 16:15:57 -0500


> ----- Original Message -----
> From: Aleph One [SMTP:aleph1dfw.dfw.net]
> Subject: Reactive Firewalls
>
> On Mon, 9 Feb 1998, Stout, William wrote:
>
> > I like Cisco routers, but NSC borderguard routers respond to Wheelgroup
> > IDS software (Borderware, Borderguard) and they also have R-R VPN
> > capability (data 'sleeves').
>
> Reactive firewalls are one of the worst ideas yet. You are taking
> automated actions based on non-authenticated, possibly bogus data. That is
> a formula for disaster. Read the recent (released today) Secure Network
> paper on IDS's and their flaws for some reasons why this is so.

As worthless as cron jobs?

I agree to the extent that I seriously question firewalls that shut down
during a perceived attack. I agree that reactive firewalls can be
dangerous: a hacker/cracker finds out what a target responds to, then
manipulates the target by its reactions. A reactive firewall makes a
great D.O.S. target.

However, it all depends on what you tell it to do in response to an
event. Non-intrusive reactions are O.K. It may merely page you with a
message, or flash the screen, or keep more detailed logs during that
particular time.

Bill Stout
______________________________________________________________________
There's nothing more ominous than secret projects between domestic
social politics and the military.
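
The trade-off argued in this thread, as an added example that is not part of either poster's message: the same alerts are fed to a blocking reaction and to a non-intrusive one (page plus a window of detailed logging). The alert data, the critical-host list and the 60-second window are constructed assumptions.

```python
import ipaddress

# Constructed IDS alerts: (time in seconds, claimed source IP, signature).
# The source address is read from packet headers and is not authenticated.
ALERTS = [
    (100, "203.0.113.7", "port-scan"),
    (130, "192.0.2.53", "syn-flood"),
    (400, "198.51.100.10", "syn-flood"),
]
# Hypothetical hosts this site depends on (assumption for the example).
CRITICAL = {"192.0.2.53": "upstream DNS", "198.51.100.10": "partner gateway"}
VERBOSE_SECS = 60  # assumed length of the detailed-logging window per alert


def react_block(alerts):
    """Intrusive reaction: deny every source an alert names."""
    return {ipaddress.ip_address(src) for _, src, _ in alerts}


def collateral(deny_set):
    """Critical hosts cut off by the firewall's own reaction."""
    return sorted(name for ip, name in CRITICAL.items()
                  if ipaddress.ip_address(ip) in deny_set)


def react_notify(alerts):
    """Non-intrusive reaction: page the operator and log in more detail
    for a window after each alert; the rule set is never touched."""
    pages = [f"t={t} {sig} from {src}" for t, src, sig in alerts]
    windows = []
    for t, _, _ in sorted(alerts):
        if windows and t <= windows[-1][1]:  # falls inside the open window
            windows[-1][1] = max(windows[-1][1], t + VERBOSE_SECS)
        else:
            windows.append([t, t + VERBOSE_SECS])
    return pages, [tuple(w) for w in windows]


if __name__ == "__main__":
    print("critical hosts blocked:", collateral(react_block(ALERTS)))
    pages, windows = react_notify(ALERTS)
    print("pages sent:", len(pages), "verbose-log windows:", windows)
```

Under the blocking policy, two alerts carrying unverified source addresses are enough to cut the site off from hosts it depends on; under the notify policy the worst outcome is extra pages and log volume.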



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:32 CDT