Great Circle Associates Firewalls
(February 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Raptor vs Firewall-1
From: Laurie Bostic <Laurie_Bostic @ INS . COM>
Date: Wed, 19 Feb 1997 15:32:58 -0600
To: Richard Lowe <R . Lowe @ pindar . co . uk>, firewalls @ GreatCircle . COM 
Richard,

Firewall-1, whose roots are in packet filtering, is touted as a "stateful
packet inspection" application, meaning it looks above layer 2 to the
actual session context.  Raptor, on the other hand, is a true application
proxy which works at the application layer and understands the application
itself as well as the session.  Both have their ads and disads, of course.
In a nutshell, with a true application proxy, you get more stringent
security, usually (but not always) at the cost of performance.  In other
words, for every application proxy daemon instance you run, it's another
hit on the platform resources.  With a stateful packet inspector such as
FW-1, it is a single process usually, less resources, hence faster, at the
cost of some level of security.  Just depends on what your particular
environment is.  The other big advantage to a packet inspector is that you
do not have to write a proxy for each app you need to put through the
fireall.  With a true application proxy, you either have to provide a new
proxy for each application, or you can use a generic proxy, which by
definition offers not a lot in the way of security, but still gives you
good logging.

Just a few thoughts,
Laurie


At 03:37 PM 2/19/97 +0000, Richard Lowe wrote:
>One of our customers is soon to buy a firewall, and we're wondering whether
>to recommend Firewall-1 or Raptor to them (there doesn't seem to be much
>difference in price).
>
>I'm told that Raptor is more secure since Firewall-1 comes from a Packet
>Filtering rather than application Proxy background.  Is this true?
>
>Can anybody put their hand on their heart and make a recommendation?
>
>- Richie
>___________________________________________________________
>Richard Lowe, Internet Consultant/Administrator, Pindar plc
>Tel   : +44 (0)1904 613040    EMail: R .
 Lowe @
 pindar .
 co .
 uk
>Fax   : +44 (0)1904 613110    http://www.pindar.co.uk
>Pager : +44 (0)1426 800403    ISDN: +44 (0)1904 673010
>___________________________________________________________
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Laurie Bostic                     <a href="mailto:laurie_bostic @
 ins .
 com">
 Sr. Network Systems Consultant    Pager  : 1-800-467-1467
 International Network Services    V-Mail : (214) 392-3545 x176
 Dallas Office			 <http://www.ins.com>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Follow-Ups:
Indexed By Date Previous: Re: Raptor vs Firewall-1 - P.S.
From: Laurie Bostic <Laurie_Bostic @ INS . COM>
Next: [no subject]
From: "Clark, Mike (E&Y)" <MClark2 @ AndersenCorp . com>
Indexed By Thread Previous: Re: Raptor vs Firewall-1
From: Joao Brazao Ferreira <jbf @ tech . telepac . pt>
Next: Re: Raptor vs Firewall-1
From: Matt Wallace <mwallace @ netcom . com>
Google
 
Search Internet Search www.greatcircle.com