One of the biggest complaints about stateful inspection is that if the
state table becomes corrupt, the network could become vulnerable to the
outside.
Check out application gateways, these proxy servers take a users request
for an Internet service and forward it to the actual service. Proxies
replace the actual service, acting as a gateway and are for this reason
commonly referred to as application gateways.
Visit http://www.securecomputing.com or contact me.
Gordon LaSane
Global Data Systems, Inc.
Internet and Intranet Firewalls and Security Group
Consulting and Installing Solutions for Your Company's Data
Security:
Remote User Authentication
Internet Access
Virtual Private Networks
Web Filtering
Intranets
Firewalls
Gordon LaSane
781/740-8818 x13 ph
781/740-8830 fax
glasane @
gdsconnect .
com
Visit us on the web at http://www.gdsconnect.com
-----Original Message-----
From: MacGyver [SMTP:macgyver @
tos .
net]
Sent: Tuesday, January 06, 1998 11:55 AM
To: Firewalls Mailing List
Subject: Stateful Inspection Anyone?
Hi folks,
I've been wondering this for a while, but just haven't gotten
around to
asking anyone yet:
Checkpoint's Firewall-1 has a feature known as "stateful
inspection" which
they tout as the end-all and be-all of packet-filtering and
inspection.
Anyone had any experience in using this feature or have any
thoughts
regarding stateful inspection? How large of a performance
impact is there
when stateful inspection is enabled? Are the gains worth the
added load?
Hope this spurs some interesting discussion.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
^ Habeeb J. Dihu
-' `- Managing Senior Technologist
" ' ` " Cirrus Technologies
" ' ` "
" ' . ` "
" ' .' ` ` " 'I don't believe in the no-win scenario'
" ` ' `' " -- Captain James T. Kirk, Star Trek
II: TWK
` ' _ _ ' 'There is an old Vulcan proverb, `Only
Nixon
' could go to China.`'
-- Captain Spock, Star Trek VI: TUC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow-Ups:
|
|
