Core FORCE and OpenBSD PF's

From: Ivan Arce (ivan.arce_at_coresecurity.com)
Date: 11/28/05

    Date: Mon, 28 Nov 2005 18:53:50 -0300
    To: bugtraq@securityfocus.com

    Hello everyone,

    Theo de Raadt, head of the OpenBSD project, has requested me to clarify
    something about the firewall technology of the endpoint security package
    (Core FORCE) released today by Core and announced to bugtraq and other
    mailing lists.

    Core FORCE uses a Windows port of OpenBSD's PF (www.openbsd.org/faq/pf)
    for firewalling.

    This involved porting the PF engine to a Windows NDIS compliant miniport
    kernel driver with trimmed functionality (removed NAT, RDR, packet
    queuing and normalization and packet tagging among other things) and
    adding the ability to set firewall rules on a per-process basis and the
    implementation of the "ask" action (in addition to allow, deny) to allow
    users to explicitly indicate if they want to pass or block
    inbound/outbound packets from/to a given program. Configuration of
    firewall rules is integrated into the Core FORCE GUI that also handles
    filesystem and registry access control configuration permissions.

    In addition to PF's NDIS driver, CORE FORCE also uses a Windows TDI
    driver (this one developed from scratch) that also allows filtering
    network operations at the socket layer rather than at the packet layer.

    We felt that instead of inventing yet another packet filtering engine we
    should use OpenBSD's PF, which brings a very robust technology that has
    been extensively tested in the field and withstood careful security
    scrutiny for many years, to the Windows world.

    PF is a great piece of software and we're glad that the OpenBSD team
    made it available for everyone to use under a BSD license.

    If you'd like to learn more about Core Force's architecture and how
    OpenBSD's PF fits in it you can browse to the following URL:

    http://force.coresecurity.com/index.php?module=articles&func=display&ptid=10&catid=39&aid=16

    Thanks,

    -ivan

    ---
    To strive, to seek, to find, and not to yield.
    - Alfred, Lord Tennyson Ulysses,1842
    Ivan Arce
    CTO
    CORE SECURITY TECHNOLOGIES
    46 Farnsworth Street
    Boston, MA 02210
    Ph: 617-399-6980
    Fax: 617-399-6987
    ivan.arce@coresecurity.com
    www.coresecurity.com
    PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
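The post above describes two additions on top of PF: rules that apply to a single process, and an "ask" action beside pass and block. The following is an added illustration for this archive page, not code from Core FORCE or OpenBSD, of how those additions sit on PF's documented rule semantics (rules are walked in order, the last matching rule wins, and a rule marked `quick` ends the walk). The packet fields, rule fields, process names and addresses are all constructed for the example; the decision cache for "ask" answers is an assumption of this model, not a claim about the product.

```python
"""Simplified PF-style rule evaluation extended with per-process rules and
an "ask" action.  Illustration only: not Core FORCE or OpenBSD code.

PF semantics modelled: rules are evaluated top to bottom and the LAST
matching rule sets the verdict, unless a matching rule is `quick`, which
stops evaluation immediately.  Assumed extensions, following the post:
a rule may name a process, and action "ask" defers to a user callback.
"""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    process: str     # image name of the process owning the socket (assumed field)


@dataclass
class Rule:
    action: str                      # "pass", "block" or "ask"
    direction: Optional[str] = None  # None matches either direction
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    process: Optional[str] = None    # assumed per-process extension
    quick: bool = False

    def matches(self, pkt: Packet) -> bool:
        # Every field that is set on the rule must equal the packet's field.
        return all(
            want is None or want == have
            for want, have in (
                (self.direction, pkt.direction),
                (self.proto, pkt.proto),
                (self.dst, pkt.dst),
                (self.dport, pkt.dport),
                (self.process, pkt.process),
            )
        )


AskCallback = Callable[[Packet], str]   # user decision: "pass" or "block"


class Firewall:
    def __init__(self, rules: list, ask: AskCallback):
        self.rules = rules
        self.ask = ask
        self._answers: dict = {}   # remembered "ask" decisions (assumed cache)

    def evaluate(self, pkt: Packet) -> str:
        """Return "pass" or "block" for pkt: last match wins, quick stops."""
        verdict = "block"          # default-deny when no rule matches
        for rule in self.rules:
            if not rule.matches(pkt):
                continue
            verdict = rule.action
            if rule.quick:
                break
        if verdict == "ask":
            key = (pkt.direction, pkt.proto, pkt.dst, pkt.dport, pkt.process)
            if key not in self._answers:
                answer = self.ask(pkt)
                if answer not in ("pass", "block"):
                    answer = "block"   # fail closed on a malformed answer
                self._answers[key] = answer
            verdict = self._answers[key]
        return verdict


def demo_rules() -> list:
    """Constructed ruleset: catch-all block first, specific rules after."""
    return [
        Rule("block"),
        Rule("pass", direction="out", proto="tcp", dport=443, process="browser.exe"),
        Rule("ask", direction="out", proto="tcp", process="unknown.exe"),
        Rule("block", direction="out", dst="203.0.113.9", quick=True),
        Rule("pass", direction="out", dst="203.0.113.9"),   # never reached: quick above
    ]


def run_demo() -> dict:
    """Evaluate constructed packets; returns verdicts and the prompt count."""
    prompts = []

    def ask_user(pkt: Packet) -> str:
        prompts.append(pkt.process)
        return "pass"          # scripted user answer for the demo

    fw = Firewall(demo_rules(), ask_user)
    return {
        "browser_https": fw.evaluate(Packet("out", "tcp", "10.0.0.2", "198.51.100.5", 443, "browser.exe")),
        "unknown_first": fw.evaluate(Packet("out", "tcp", "10.0.0.2", "198.51.100.5", 80, "unknown.exe")),
        "unknown_second": fw.evaluate(Packet("out", "tcp", "10.0.0.2", "198.51.100.5", 80, "unknown.exe")),
        "quick_block": fw.evaluate(Packet("out", "tcp", "10.0.0.2", "203.0.113.9", 443, "browser.exe")),
        "inbound": fw.evaluate(Packet("in", "tcp", "198.51.100.5", "10.0.0.2", 3389, "svchost.exe")),
        "ask_prompts": len(prompts),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The ordering matters in the same way it does in pf.conf: the catch-all block goes first so that later, more specific rules override it, and the `quick` block on 203.0.113.9 wins over the pass rule that follows it because evaluation stops there. The "ask" verdict is only resolved once per (direction, protocol, destination, port, process) tuple in this model, so a second connection from the same program does not prompt again.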