North American Network Operators Group

Re: "firewalls" at high speed -- was Re: FW: your mail

  • From: Alex P. Rudnev
  • Date: Mon Sep 27 09:02:34 1999

Perfectly... 


On Mon, 27 Sep 1999, Howard C. Berkowitz wrote:

> Date: Mon, 27 Sep 1999 08:27:27 -0400
> From: Howard C. Berkowitz <[email protected]>
> To: [email protected]
> Subject: "firewalls" at high speed -- was Re: FW: your mail
> 
> 
...
> 
> 
> All good points. Something else to consider:  with increasing cryptographic
> security requirements, the "firewall" (ambiguous term as it is, but let's
> think of it as a stateful packet screen -- the major approach at high
> speed) is not the only device between you and the outside.  It's worth
> thinking of:
> 
>    Bastion hosts -- not trusted with crypto keys
>    Security gateways -- trusted to do encryption
>      IPsec gateways
>      SSL/TLS proxies
>    Conduits with access lists -- for host-to-host encryption, where
>                                  the firewall wouldn't add value
> 
> There is also the very murky area where logging and intrusion detection
> mix, and whether they can operate at these speeds.
> 
> 

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)