Re: [fw-wiz] AltaVista Firewall

From: Matthew J. Harmon (mjh_at_itys.net)
Date: 06/10/04

  • Next message: DCSIM Subscriptions (IA): "RE: [fw-wiz] VLAN Security"
    To: Bruce Platt <Bruce@ei3.com>
    Date: Wed, 09 Jun 2004 19:15:15 -0500
    
    

    Thank you for the in depth email, the files in the follow-up email are
    great, thank you!

    Additional reply inline:

    Bruce Platt wrote:

    > Previous posters are correct, this was sold to Axent and a maintenance
    > release named Raptor-EC was issued four or five years ago.
    >
    > I worked on a few of the original versions on both Win/NT and Digital Unix
    > in the '97 and '98 timeframe.
    >
    > Also correct is the statement that your client should get off of this and
    > onto something more modern as soon as possible.

    Already in the works.

    > As far as set up and management is concerned: (and I am going only from
    > hazy memory)
    >
    > 1. Through a web-browser running as part of the fw software.

    An early version of netscape.

    > 2. Application layer proxies for http, smtp, finger, etc. One feature of
    > the smtp proxy is that it holds the mail if the internet net smtp server
    > goes off the air. Packet Filtering capabilities as well.

     From what I've heard from other engineers, the configuration is quite
    similar (in practice, and in effect) to modifying /etc/inetd.conf and
    commenting out services?

    > 3. None of the modern features we have come to expect. ( :-) ). There is
    > little inspection of the application traffic running through the proxy, no
    > ability to do things like implement rbl checks, etc.
    > 4. All configuration information is saved in text files (I am sure about
    > this on the Unix version, and I think this is so on the Win/NT version.)
    > So, you can look for "config" files in the likely place (the install
    > directory of the sw), and look around in them. I would stay away from
    > messing with them outside of the browser UI

    One of the reasons I'm looking for so much detailed information is
    automating the configuration process.

    > I have a copy of the documentation which I will send to Matthew under
    > separate cover. He can provide it to others if he chooses

    In the process of revamping my website (http://itys.net/) however I will
    make these available shortly under http://itys.net/infosec/

    > As an interesting historical note. The AltaVista Firewall product grew from
    > work which was originally done at DEC by Marcus Ranum and a few others when
    > he worked with Fred Avolio back in the late 80's and early 90's. I had the
    > pleasure of knowing them then. They had the vision to know that the
    > marketplace needed a "real" firewall product. So, they and a few others
    > built one. The AltaVista FW product was intended to be an easy to use
    > "gadget" which didn't really need the skills of a sophisticated security
    > professional to install configure and deploy.
    >
    > Digital created an entire product line around the Search Engine, the
    > Firewall, and some other things, pieces of which were sold off as the
    > Company required cash to keep running after serious management blunders in
    > the 90's and before it was acquired by Compaq.

    Thanks for the information.

    >
    > +---------------------------------------+
    > Bruce B. Platt, Ph.D.
    >
    >
    >
    >>-----Original Message-----
    >>From: Matthew J. Harmon [mailto:mjh@itys.net]
    >>Sent: Tuesday, June 08, 2004 10:50 PM
    >>To: firewall-wizards@honor.icsalabs.com
    >>Subject: [fw-wiz] AltaVista Firewall
    >>
    >>
    >>I recently entered an client engagement and they are using
    >>the AltaVista
    >>Firewall (migrating away, but still need support). About
    >>five years ago
    >>I very briefly worked with this product (Digital ->
    >>Compaq/HP) which now
    >>appears to have no support, the digital.com website for their
    >>software
    >>(altavista.software.digital.com) is gone, the compaq website only has
    >>product information (no technical documentation) and the support tech
    >>(last ditch effort!) I talked to argued with me for ten minutes about
    >>how AltaVista is a search engine and not a firewall.
    >>
    >>So far, my only luck has been the wayback machine, which has even
    >>provided me little information.
    >>
    >>At this point, I am tossing myself at the mercy of those who may have
    >>experience with this firewall and perhaps documentation saved around
    >>somewhere? Or even a quick write up would be great. With
    >>permission, I
    >>will make a quick AltaVista Firewall 101 FAQ.
    >>
    >>Thanks for any help you can provide!
    >>
    >>-Matthew
    >>_______________________________________________
    >>firewall-wizards mailing list
    >>firewall-wizards@honor.icsalabs.com
    >>http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >>
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: DCSIM Subscriptions (IA): "RE: [fw-wiz] VLAN Security"