1 Comment so far

• Chris

  September 3rd, 2006 4:50 pm

  Looking at firewall products over the years they all pretty much do the same thing, there is little magic left in the ‘firewall’ world. I’m always amused though when people/products point out how they ’stop DoS attacks!’ and then list:

  land
  teardrop
  ping-o-death
  (list more host-based ‘DoS’ attcaks here)

  as proof… Does anyone every get attacked by these anymore? Is anything still vulnerable to these anymore? When folks/products talk about ’stops DoS attacks’ they never (save a few specialized devices) really mean ‘DoS attack’ in the real Internet sense of the word.

  The only real ‘magic’ left in firewalls these days, in my opinion, is in the management of them. If a vendor can produce something that can be deployed by an MSS in large scale they have a hope of surviving outside the ‘home firewall’ land. Large scale means, to me, +1000 devices deployed across hundreds of customers with different security policies/demands and the most minimal ‘management’ system required. Say a 1U unix based server with lightweight, web-based?, client application used by the MSS operations staff to manage the deployed devices via the EMS. (obviously a little overly utopian, but MINIMAL… not 1 sunfire v880/100 devices deployed please)

  It just seems silly… and yes, that reviewer must have juniper stock? (not that the netscreen is NOT a good product, but really… )

Leave a reply

name (required)

email ( will not be shown ) (required)

website