The Dunning–Kruger effect in FP&A
Palo Alto Networks started selling next-generation firewalls in 2007 and has gathered critical and specific requirements from thousands of clients that informed this list of requirements for today’s next-generation firewalls.
If any application can run on any port, your next firewall must classify traffic by application and on all ports—all of the time. Otherwise, security controls will continue to be outwitted by the same techniques that have plagued them for years.
From: http://www.information-management.com/gallery/10-things-your-next-firewall-must-do-10030028-1.html?utm_campaign=daily-oct%2022%202016&utm_medium=email&utm_source=newsletter&ET=informationmgmt:e7934438:2047253a:&st=email&eid=8e5f5423e859a64488540fc441962c81
Related posts
There are different types of circumvention applications, each using slightly different techniques. There are both public and private external proxies that can use both HTTP and HTTPS (see proxy.org for a large database of public proxies). Private proxies are often set up on unclassified IP addresses, such as home computers, with applications like PHProxy or CGIProxy. Remote access applications like MS RDP or GoToMyPC can have legitimate use, but due to the associated risk these should be managed. Most other circumventors such as Ultrasurf, Tor and Hamachi don’t have business uses. Regardless of the policy stance, your next firewall needs to have specific techniques to deal with all of these applications….read more.