Yes, I am reading not just old issues of magazines … So here is a jewel I found in the December issue of the Information Security Magazine:
if you work with large, high-performance networks, make sure yo uare using system such as Windows 2000 or Linux kernels 2.1.9 or later.
2.1.9? I am not even sure whether kernel.org still has those around 🙂 Does he mean 2.4.9? Maybe. I think he’s another author that has not used Linux. At least not in a while. The quote stems from an article called “The Weakest Link” by Michael Cobb. Another author who is coming up with new terminology. This time it’s Application Level Firewall. While I have definitely heard this term, the author manages very well to confuse me:
Where IDS informs of an actual attack, IPS tries to stop it. IPS solutions tend to be deployed as added security devices at the network perimeter because they don’t provide network segmentation.
ALFs provide the application-layer protection of an IPS by merging IDS signatures and application protocol anomaly detection rules into the traffic-processing engine, while also allowing security zone segmentation.
That’s a long one and reading it, I don’t really see the difference between ALFs and IPSs. Network segmentation? Hmm… Interesting. Is that really the difference? I have to admit, I don’t know, but this seems like a “lame” difference. I bet the IPSs out there can do network segmentation.
The report manages to omit something that I think is quite important. When the author talks about decision factors for buying ALFs (by the way, this reminds me of the brown creature ALF on the TV series…), he does not mention that logs need to be monitored! And that requires from the application that the logs they produce need to be useful. What a concept.
Raf-
I enjoyed all 3 infosec magazine posts. I have to say, I too am frustrated by a lack of standardized nomenclature, and subjective opinions taken as fact (like the CISA exam question about which firewall technology is the best).
I don’t see it getting any better, unfortunately, until the attractiveness of the infosec market cools off, and/or the technologies become commoditized.
Heck, we can’t even agree on definitions of Risk, Threat, and Vulnerability.
Comment by Alex Hutton — December 24, 2005 @ 11:05 pm