Re: [fw-wiz] Secure Computing Sidewinder?
- From: ArkanoiD <ark@xxxxxxxxx>
- Date: Tue, 10 Jun 2008 09:36:52 -0600
No, being "application layer proxy" means there is no such thing as
a packet for the inspection engine. It means the firewall terminates
tcp session by itself and starts new one on the behalf of client.
So it does not matter how data is distributed among packets.
And it is still useful even if you do not have up to date signature database
of "known bad things". With Sidewinder, you do, however.
On Sun, Jun 08, 2008 at 11:23:49AM +0100, Paul Hutchings wrote:
I know both ISA and Sidewinder are "Application Layer" firewalls and
act as proxies etc. but I'm struggling to get my head around why one
might be "better" than the other, I guess I'm a little unclear on
exactly what "Application Layer" means tbh despite reading various
definitions?
My understanding with the Sidewinder is that the proxies receive each
packet, tear it apart, inspects it, and then depending on the
protocol it drops/discards anything that is dangerous, and in the
case of safe content rewrites the packet and makes the connection
itself it so that the source machine never connects directly to the
destination, rather the connection always terminates at the
Sidewinder, which makes the connection on its behalf?
I'm also struggling to understand how useful an application layer
firewall is when it seemingly is never updated i.e. Microsoft ISA
server?
Our requirements are pretty simple I would imagine:
We want to let traffic out, with the source being restricted by IP
address or Active Directory user. Mostly standard protocols such as
dns/smtp/http/https/ftp where we would expect all traffic to conform
to the protocol. In some instances we'll need to open port X to
destination Y and would want to simply allow traffic to pass and
wouldn't expect a firewall to know what the traffic is as it will be
something unique to an application that we're using.
We want to allow smtp in, as well as a few specific internal websites
such as Outlook Web Access etc. which use HTTPS.
I'd appreciate any input on the specifics of how the two products
differ and how one might be considered "better" than the other both
in terms of bottom line security, and our requirements.
cheers,
Paul
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
email protected and scanned by AdvascanTM - keeping email useful -
www.advascan.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Secure Computing Sidewinder?
- From: Paul Hutchings
- [fw-wiz] Secure Computing Sidewinder?
- Prev by Date: [fw-wiz] Secure Computing Sidewinder?
- Next by Date: Re: [fw-wiz] Secure Computing Sidewinder?
- Previous by thread: [fw-wiz] Secure Computing Sidewinder?
- Next by thread: Re: [fw-wiz] Secure Computing Sidewinder?
- Index(es):
Relevant Pages
|
