Re: [fw-wiz] Firewall best practices



Martin Barry wrote:
...and every app that wants to work around a firewall just encrypts it's
traffic and runs the server on port 443.

That's why firewalls need to go back to doing what they
originally did, and parsing/analyzying the traffic that
flows through them, rather than "stateful packet
inspection" (which, as far as I can tell, means that
there's a state-table entry saying "I saw SYN!")

If the firewall doesn't understand the data it's passing,
it's not a firewall, it's a hub.

mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenablesecurity.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Firewall best practices
    ... flows through them, rather than "stateful packet ... inspection" (which, as far as I can tell, means that ... it's not a firewall, it's a hub. ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Firewall best practices
    ... That's why firewalls need to go back to doing what they ... flows through them, rather than "stateful packet ... inspection" (which, as far as I can tell, means that ...
    (Firewall-Wizards)
  • Re: What do you think of my acces list?
    ... These ACEs would not be necessary if you were using "inspection" on an internal interface to provision the return path (temporary dynamic holes in the firewall). ... " permit udp any eq domain any " ... If you were trying to accommodate DNS "responses" resulting from queries initiated by internal clients, I would have expected the generic UDP inspection to provision the return path for this return traffic. ...
    (comp.dcom.sys.cisco)
  • Re: [fw-wiz] Firewalls that generate new packets..
    ... depend upon either statelessness or guessing the next sequence ... than a "stateful" firewall. ... Is "deep packet inspection" stream inspection? ... I am not convinced that the vendors that are selling "deep packet ...
    (Firewall-Wizards)
  • Re: Firewall problem.
    ... I assume "mail flows" means in and out? ... are the firewalls you tested Windows Security aware - ie does the "you gotta firewall" component if Windows recognise their existence ... Checked Zonealarms permissions, and thunderbird had ...
    (microsoft.public.windowsxp.basics)