Re: [fw-wiz] Secure Computing Sidewinder?



No, being "application layer proxy" means there is no such thing as
a packet for the inspection engine. It means the firewall terminates
tcp session by itself and starts new one on the behalf of client.
So it does not matter how data is distributed among packets.

And it is still useful even if you do not have up to date signature database
of "known bad things". With Sidewinder, you do, however.

On Sun, Jun 08, 2008 at 11:23:49AM +0100, Paul Hutchings wrote:

I know both ISA and Sidewinder are "Application Layer" firewalls and
act as proxies etc. but I'm struggling to get my head around why one
might be "better" than the other, I guess I'm a little unclear on
exactly what "Application Layer" means tbh despite reading various
definitions?

My understanding with the Sidewinder is that the proxies receive each
packet, tear it apart, inspects it, and then depending on the
protocol it drops/discards anything that is dangerous, and in the
case of safe content rewrites the packet and makes the connection
itself it so that the source machine never connects directly to the
destination, rather the connection always terminates at the
Sidewinder, which makes the connection on its behalf?

I'm also struggling to understand how useful an application layer
firewall is when it seemingly is never updated i.e. Microsoft ISA
server?

Our requirements are pretty simple I would imagine:

We want to let traffic out, with the source being restricted by IP
address or Active Directory user. Mostly standard protocols such as
dns/smtp/http/https/ftp where we would expect all traffic to conform
to the protocol. In some instances we'll need to open port X to
destination Y and would want to simply allow traffic to pass and
wouldn't expect a firewall to know what the traffic is as it will be
something unique to an application that we're using.

We want to allow smtp in, as well as a few specific internal websites
such as Outlook Web Access etc. which use HTTPS.

I'd appreciate any input on the specifics of how the two products
differ and how one might be considered "better" than the other both
in terms of bottom line security, and our requirements.

cheers,
Paul
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

email protected and scanned by AdvascanTM - keeping email useful -
www.advascan.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Sidewinder vs Netscreen as layer 3 firewall only.
    ... I'm trying to compare the performance of a Netscreen ISG1000/2000 firewall ... and a Secure Computing Sidewinder 1100C **as a layer 3 packet inspector** ... Regarding the Sidewinder, it might sound unusual to you that we may ...
    (comp.security.firewalls)
  • Re: Stateful Inspection
    ... > the contents of the packet at the application layer and not just ... Here's a link describing stateful firewalls. ... the generic term stateful firewall implies both ... all packets' contents (application layer). ...
    (comp.security.firewalls)
  • Re: Stateful Inspection
    ... > the contents of the packet at the application layer and not just ... Here's a link describing stateful firewalls. ... the generic term stateful firewall implies both ... all packets' contents (application layer). ...
    (comp.security.firewalls)
  • Re: can sasser& Blaster get to the computer?
    ... Because of a hardware conflict I cannot update the laptop. ... >>Will the desktop computer with the firewall also protect the laptop even if>>I disable the firewall on the laptop? ... Each layer is necessary because no> layer produces complete protection. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: can sasser& Blaster get to the computer?
    ... Because of a hardware conflict I cannot update the laptop. ... >>Will the desktop computer with the firewall also protect the laptop even if>>I disable the firewall on the laptop? ... Each layer is necessary because no> layer produces complete protection. ...
    (microsoft.public.windowsxp.network_web)