Re[2]: [fw-wiz] Worms, Air Gaps and Responsibility

From: Eric Maiwald (
Date: 05/07/04

  • Next message: Rogan Dawes: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
    Date: Fri, 7 May 2004 11:24:03 -0400 (EDT)

    On Fri, 7 May 2004, Marcus J. Ranum wrote:
    > Well, the Cisco self-protecting network stuff is basically that concept. The
    > idea is to partner with A/V vendors and have a plug-in to the A/V software
    > that interfaces with firewalls and switches to make sure the portable
    > machine is "up to scratch" - I think the concept is good but fairly primitive.
    > If it works, though, there's all kinds of potential for interesting horizontal
    > integration (e.g.: "call H.R. and decide if this guy is still an employee..")
    > That was all announced in November; I don't know how vaporous it is.

    Zone Labs had something like this that they were working on as well.
    Aventail had (still has maybe?) a consortium called EdgeSec that
    was supposed to address this concept. I don't know how far that went.
    Their concept was not limited only to AV but also to desktop firewall
    (version and policy) and VPN.

    I believe that the VPN was to be the mechanism to convey the information
    to the server. The server would then make a determination about how
    much connectivity the client would receive. It might be full connectivity,
    or some type of quarantine so that the client could be updated.


    Eric Maiwald So Many Hobbies, So little time

    "A compromise which results in a half-step toward evil is all wrong."
                  --Theodore Roosevelt

    firewall-wizards mailing list

  • Next message: Rogan Dawes: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"

    Relevant Pages

    • Re: Program that requires drive letter fails
      ... I disabled the antivirus client and there are no firewalls enabled. ... client and server are on the same IP subnet, ... related to permissions, but I am puzzled because if you don't map a drive ...
    • Re: [fw-wiz] Phrack #60: "Java tears down the Firewall"
      ... > kind of attack? ... If you mean: client speaks active, server speaks passive: yes, the ... If you mean: client speaks passive, server speaks active: well, then ... is this the same "can" that dictates that proxy firewalls "can inspect ...
    • Re: Swing client to App Server
      ... Now we're asked to write a Swing to app server ... while going through firewalls is possible, ... Again, they can work, even if both client and server are hidden ...
    • RE: Intermittent VPN connection problems
      ... server ... Client - Windows XP Pro, no additional firewalls, accessing through cable ... I am the only client accessing remotely. ... You are correct - I am sometimes unable to establish an initial connection, ...
    • Re: Can extra processing threads help in this case?
      ... A Webserver at a hosting site ... Firewalls implemented using conventional operating systems ... Physical security at the hosting site is not your problem. ... And to physically attack my server, you not only have to pass ...