actively support "deep packet inspection" over "application proxies"?
What's the trade-off? A slight speed increase and using a "cool" new
technology vs. a slight loss of control and security (in the form of
record keeping). I'd like to see proof of that speed increase
sometime. Yes, layer 4 (OSI model) filtering is faster than layer 7
proxying but, once you start tacking on layer 7 inspection onto a layer
4 packet filter, does the extra processing requirements even the
equation?
In any case, TaoSecurity states the IDS
issue very nicely and describes a tool that nicely covers one of the blind spots in IDS technologies: session data.
No comments:
Post a Comment