Domain: radware.com
Stories and comments across the archive that link to radware.com.
Comments · 11
-
Re:Well lets see...
1) A CA is merely a person/organization that certifies that client X is who client X claims to be. PGP/GnuPG works just fine using the "web of trust" concept, whereby instead of having organization O tell you that you can trust them*, you decide who YOU trust to be able to make such a verification.
*Example: Verisign handed a hacker a copy of Microsoft's private keys for their SSL certificate because someone phoned them claiming to be a Microsoft employee. I'm not sure I'm inclined to trust Verisign as much because of that, but I've no means of requiring Verisign-signed certs be countersigned by someone else in the existing system.
*Example: Britain tried to restrict all PKI to three licensed institutions handling ALL key generation. Don't think they U-turned because the fans of PGP screamed blue murder. British parliament doesn't work that way. They changed course because Businesses screamed blue murder. Which tells me businesses have absolutely no objection to going into the CA business at some level, even if it's on a trivial scale.
2) 65,000 connections per second, 20,000 SSL connections per second, 10,000 SSL connections per second... You get the idea. Sure they cost money, but so does a lawsuit if data gets stolen. SSL does not improve anything about end-user experience or maintainability, you are correct. It does improve your chances of staying in business if you handle sensitive information - and, these days when data mining has become a fine art, a lot of data is becoming very sensitive.
3) Since an SSL appliance or SSL-enabled proxy can provide different names to different servers on the outside whilst providing different names and internal IPs on the inside, whose vanity does it appeal to? Most of those 30x that I saw were blatantly unaware that SSL appliances (with different certificates per target hostname) even existed, so I consider them inferior geeks.
-
There's a word for people like him
Loser.
I'm trying to be objective here.
Appliances produced by Tumbleweed, Allot and Radware are all heavily adopting FOSS. They can secure their VC investment, their brand and their business; their staff contribute back to FOSS community and keep it growing. They wouldn't whine, do they?
we all know it's nonsense, when he said no FOSS software giant exists. What he actually meant was 'No FOSS Software Giant that can cash in big profit for small group of people'. If it can't take huge profit, it's then a failure. Bullshit. People paid overprice product just because there're no other better alternative around. Things changed, face it. -
Good IPS already use simmilar technology
You can check Radware and their IPS called DefensePro. You will see that they use what they call Behavioral DoS protection. So this is not really a new thing in the world of combating malware.
-
Good IPS already use simmilar technology
You can check Radware and their IPS called DefensePro. You will see that they use what they call Behavioral DoS protection. So this is not really a new thing in the world of combating malware.
-
Internet redundancy
If you are smaller company or larger but you don't want to deal with BGP (as you can't prove you need
/22 network). Consider choosing something like LinkProof from Radware (http://www.radware.com/).
You can load balance incoming and outgoing links and from more then 2 providers and from simple few meg speeds to gigabit speeds. Pretty cool and works great. -
Re:Encryption?
Several:
Any SSL accelerator can do it , given the private key.
An example is the Radware CT100/Appaccel, but most load balancing companies have this capability.
SSLDump is an OSS app that does the same thing.
If you have an in-line device, you can break any session, and proxy the connection both ways. Some Examples:
SCIP
Finjan
Blue Coat
Breach Security also provides an SSL Inspection plugin and appliance that is OEMed by various IDS vendors.
A Google search for SSL Proxy traffic Monitor returns a number of interesting responses. If you can proxy the service, you can do transparent man in the middle attacks on it.
Full Disclosure: I have worked for both Radware and Breach security on these products, and did a SANS tooltalk on the topic (login required). -
Use a forwarding server on the front end
I would recommend RadWare http://radware.com/ or f5 http://f5.com/ to load balance the traffic to multiple IMAP and/or POP back end servers.
You can even cluster the load balancers... -
balancing connections
Balancing three Satellite connections and three landlines is not such a big deal. With equipment like Israeli company Radware's LinkProof at both ends, the loss of one line would not be noticed. You can configure that equipment to aggregate all connections to multiply the bandwidth, including spreading VPN traffic across the lines, or just use the other lines as failover. These boxes are supposed to handle 10 connections and are very configurable and are veeeery configurable.
The same technology is available for smaller sites with their Linkproof Branch product. -
Radware Linkproof
Radware Linkproof
Magic Radware box... check out the Linkproof or Linkproof LT depending on your needs. Dynamically add or drop providers seamlessly, use your exisiting IP's, handles the failover through a dynamic DNS system onboard. -
Re:load balancer
I have had to solve a similar problem. To few IP numbers to run BGP, and the boss wants redundant Internet.
The Radware LinkProof and FireProof work very well. -
load balancer
The Radware Linkproof works great for incoming and outgoing connections. If you want redundant firewalls, you'll need two of their Fireproofs too.
Also, Cisco makes a product called CSS that's pretty snappy.