Great Circle Associates Firewalls
(June 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: PIX and FW-1 (packet filter Question)
From: "Jonathan M. Bresler" <jmb @ FRB . GOV>
Date: Thu, 05 Jun 1997 13:18:49 -0400
To: Cy Ardoin <ardoin @ cycon . com>
Cc: Firewalls @ GreatCircle . COM
In-reply-to: Your message of "Wed, 04 Jun 1997 19:45:07 EDT." <Pine . BSF . 3 . 96 . 970604190236 . 12334B-100000 @ live-oak . cycon . com> 
>I don't think there is anything an application firewall can
>do that can't also be done by a "packet filter" firewall.  The

	trivial example:
	a smtp application level proxy can disable the "debug" command
for every sendmail behind that firewall.

>new packet filter firewalls are not like the old Cisco/Bay router
>filters.  The new systems operate at the network layer, but they
>have knowledge of the protocols and applications.  They
>open up the packets and modify the data.  These systems are
>doing content filtering and other "application" types of operations.
>Yes, not all of them do these things, but many do, and new
>feature/functions are being added to these systems every year.

jmb


-- 
Jonathan M. Bresler             202-452-2831                 breslerj @
 frb .
 gov
MS-169          Federal Reserve Board of Governors        Washington DC 20551
Speaking for myself.  Others speak for the Federal Reserve Board of Governors
Follow-Ups:
References:
Indexed By Date Previous: RE: [FW1] Out of Band Data Attack against NT-Hosts
From: Daniel Strawson <daniel @ elmail . co . uk>
Next: Re: [FW1] Out of Band Data Attack against NT-Hosts
From: "Conrad Minor" <minorc @ reston . ans . net>
Indexed By Thread Previous: RE: PIX and FW-1 (packet filter Question)
From: "Daniel J Blander - Sr. Systems Engineer for ACS" <Daniel . Blander @ ACSacs . Com>
Next: Re: PIX and FW-1 (packet filter Question)
From: Cy Ardoin <ardoin @ cycon . com>
Google
 
Search Internet Search www.greatcircle.com