Re: firewall question

From: dr.kaos (dr.kaos@kaos.to)
Date: 02/15/02


From: dr.kaos <dr.kaos@kaos.to>
To: "Ralph Los" <RLos@enteredge.com>, leon <leon@inyc.com>, pen-test@securityfocus.com
Date: Fri, 15 Feb 2002 11:15:28 -0500

On Friday 15 February 2002 10:45 am, Ralph Los wrote:
> All,
>
> I am currently in the process of testing CyberGuard's firewall(s),
> which claim to be packetfilter + proxy based. I am looking for someone
> outside my lab (external) to partner with in conducting strenuous testing,
> with some extensive 'packet crafting' attacks, etc.
>
> Cheers! Response is appreciated...

Be happy to help if I can put my hands on a CyberGuard box, however, I must
say that I'm a bit skeptical of any product that tries to bridge the
functionality gap of a proxy and stateful filter. Granted, I've never
implemented a CyberGuard box, but the benefits of each firewalling
methodology are so distinctly different, and are likely better offered by a
heterogeneous combination of multiple firewalls than by a box that tries to
"do it all."

That certainly isn't to say that someone couldn't prove me wrong, but I
suspect that CyberGuard's "SmartProxies" are very similar in design to
CheckPoint's "Security Servers" -- poorly designed content filtering
mechanisms designed to overcome the basic limitations of filtering traffic
without validating application layer content. I hope I offend no one in
saying so (I don't suspect that I will, though, as numerous CheckPoint
employees have shared with me their similar views on their own Security
Servers), but I really don't think these stateful firewall vendors should be
trying to put proxies on their boxes. IMHO: let the stateful firewall do one
thing very well, and leave the proxying to a vendor with the expertise in
writing proxies.

./dr.kaos


