[fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)

From: Bennett Todd (bet_at_rahul.net)
Date: 07/29/04

  • Next message: Bennett Todd: "Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)" 
    To: firewall-wizards@honor.icsalabs.com
Date: Wed, 28 Jul 2004 22:51:12 +0000

    2004-07-26T20:25:56 ArkanoiD:
    > (Yes, i don't like socks. It provides no protocol knowledge and
    > may lead into punching gaping holes in the firewall when used
    > without proper restrictions. You may even bind external ports with
    > it!)

    I have to admit I like socks. Glad it's in my toolchest.

    Protocol-specific proxies are certainly what I reach for first, and
    Just Say No is a favourite approach.

    But socks can be significantly nicer than the alternatives I
    know of when there's a business need to allow a protocol, which
    cannot be effectively man-in-the-middled, and which doesn't have a
    builtin wrapper allowing user authentication and entitlements. SSL
    and ssh are examples that leap to mind. While socks provides no
    more protocol-specific protection than simply port forwarding or
    plug-gw-style proxies, it can enable authentication and fine-grained
    entitlements. Pick and choose who is allowed to connect to what over
    which ports, require them to authenticate as users (rather than
    having to trust the client IP), and log who connected where, and
    when.

    I'm looking forward to the day when we can instead deploy
    springboard servers for such services, and users authorized to use
    the services run them via script that actually runs the
    security-worrisome app in a sandbox in the DMZ. We're getting there,
    not quite got all the bits yet.

    -Bennett

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Bennett Todd: "Re: [fw-wiz] socks (was Re: FEP - Firewall enhancement protocol)"

    Relevant Pages

    • RE: socks 5
      ... I said it's a protocol to build application tunnels (call ... Asunto: RE: socks 5 ... Socks is a application level proxy and is used to exert control ... Calling SOCKS a tunnel is extremely misleading, ...
      (Security-Basics)
    • [fw-wiz] UNSUBSCRIBE
      ... (Paul D. Robertson) ... > fixup protocol icmp error ... >> isn't about the security properties of the control, ... errors in the firewall, configuration errors, and it then takes physical ...
      (Firewall-Wizards)
    • Re: [fw-wiz] Secure Computing Sidewinder?
      ... We are moving off Sidewinder G2 solely because of the price. ... There are many different approaches to designing a firewall, ... thorough than most other "application proxy" firewalls, ... packet, tear it apart, inspects it, and then depending on the protocol it ...
      (Firewall-Wizards)
    • Re: Natted IP
      ... > useful if one trys to tunnel an exploit of one protocol inside a second ... but the router "firewall" will block all unsolicited packets unles they are ... If you send some kind of tunneled packet wrapped inside, ... > run only with JS enabled with Java applets disabled. ...
      (alt.computer.security)
    • Firewall that blocks NetBEUI etc.
      ... Personal firewall functionality is mostly oriented toward TCP/IP protocol. ... I have NT4WKS and we have advanced Microsoft network - they have some tool ... I have tried to audit them with netstat or TCPview to see all network ...
      (comp.security.firewalls)