Fred Avolio's Musings

iChat Status

musings on security and other topics topics archives
September
Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30    
most recent headlines other links, other blogs  

:: home ::
Thu, 02 Sep 2004
Arrrrrg.

"Firewall vendors such as Check Point Software Technologies and Juniper Netscreen are touting new application-layer filtering capabilities, and these are important advances."

This was in an InfoWorld analysis by Roger A. Grimes, titled Security landscape shifts as technologies combine. The analysis may be terrific. I cannot get past this statement. The advances were new in 1992. Not today. And we continue to forget our history.

Tim Kramer commented:
"This is a facet of the recurring argument: Layer 7 vs. Layer 3/4. Now they've added pseudo Layer 7 inspection to Layer 3/4 devices and they're calling it "better". The improvement is a few milliseconds in speed, the tradeoff is security as Layer 7 proxies are still better at limiting/logging content passed thru a firewall."
Thanks, Tim. I agree, of course.

Comment on this.
[/security/] permanent link