RE: [fw-wiz] Application Proxy/L7 Firewall Recommendation?

From: ark@eltex.ru
Date: 09/09/02


From: ark@eltex.ru
To: Wesley_Noonan@bmc.com
Date: Mon Sep  9 09:19:01 2002


-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

"Noonan, Wesley" <Wesley_Noonan@bmc.com> said :

> Microsoft ISA Server <gasp, he didn't really mention a non-*nix based
> product, much less a Microsoft product did he> :-)
>
> Actually, you really can use Microsoft ISA Server for this in various
> configurations.

As well as any other firewall system.
No ISA advantages here.
 
> Blocking Instant Messenger and other apps - article assumes that you are
> running the ISA client software:
> http://www.isaserver.org/pages/article.asp?id=215

There are 2 techniques described here:
blocking by windows executable name - trivial and trivial to bypass
blocking by destination IPs - ...
 
> Also, it looks like the hard core content filtering may come best via
> partners running on top of ISA, for example GFI:
> http://www.microsoft.com/isaserver/partners/contentsecurity.asp
>
> You can also use URLscan to do content filtering, but it is not officially
> supported (MS really pushes the partners to do this function the "right"
> way).
>
> If you want more info, check out www.isaserver.org. It is a really good ISA
> reference site.

None of those will do things requested by original poster.

(actually there is no reliable way to do, though technique implemented in
zorp seems to be the best)

>
> Wes Noonan, MCSE/CCNA/CCDA/NNCSS
> Senior QA Rep.
> BMC Software, Inc.
> (713) 918-2412
> wnoonan@bmc.com
> http://www.bmc.com
>
>
> > -----Original Message-----
> > From: Jeff Newton [mailto:Jeff_Newton@pmc-sierra.com]
> > Sent: Wednesday, September 04, 2002 21:44
> > To: firewall-wizards@honor.icsalabs.com
> > Subject: [fw-wiz] Application Proxy/L7 Firewall Recommendation?
> >
> >
> > Can anyone suggest or recommend a sophisticated application-layer proxy?
> >
> > I'm interested in anything particularly adept at scrubbing HTTP of
> > instant message, file sharing, and remote access applications that
> > tunnel to bypass traditional security measures.
> >
> > Cheers,
> >
> > --
> > Jeff Newton, CISSP
> > Information Security Analyst
> > PMC-Sierra Inc.
> >
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@honor.icsalabs.com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

                                     _ _ _ _ _ _ _
 {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
 (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
 [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQCVAwUBPXx7haH/mIJW9LeBAQGOBgQAh38qejteIiQnMop8IbshC3PhkMaaybkp
PCJZzApcHgDnnux1vHgQFV0BiiHWBbtejfh/emtFZnJM5zE+Wk7gz4B1nkfyITD+
bdNdBWIiZ/ZX+//+LUJUugwXWTKmVN9yH9HpQPe1D+JaDg8pDJTvXq3VzwNIXMIL
k+osn+UtUVc=
=Zj2F
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: Problem with 2 IP addresses
    ... Iain ... > If you believe ISA is blocking the traffic, then you should review the ISA ... > sending lookups out via the newly added ip address but there is something ...
    (microsoft.public.isaserver)
  • Re: Content blocking fails
    ... is i set up the rules exactly as i did on my isa 2k box which works ... Shijaz wrote: ... I have tried blocking content types by the following methods yet both have ...
    (microsoft.public.isa.configuration)
  • Re: Blocking specific traffic.
    ... It simply takes *massive* lists of disallowed sites that you will never ... I am new to ISA and I would like to learn more tricks of the trade. ... working on blocking chat programs so I thought I'd ask. ... Microsoft Internet Security & Acceleration Server: ...
    (microsoft.public.isa)
  • Re: Problem with Outgoing SMTP and ISA 2004
    ... >The only thing that doesn't work is outgoint SMTP. ... It is as if the ISA ... >server is blocking the mail from going out even though I created an ... It should tell you what rule is blocking the connection. ...
    (microsoft.public.isa.configuration)
  • Re: Problem with 2 IP addresses
    ... If you believe ISA is blocking the traffic, then you should review the ISA packet filter and firewall logs to see if that traffic is ... DNS server is unable to do lookups. ... sending lookups out via the newly added ip address but there is something ...
    (microsoft.public.isaserver)