Re: Help with finding hardware firewall that acts like software firewall

From: phil (phil28340000@hotmail.com)
Date: 03/09/03


From: phil <phil28340000@hotmail.com>
Date: Sat, 08 Mar 2003 21:13:31 -0600

I guess I am just very disapointed in the lack of being able to
adequatly configure my BEFSX41. It is very limiting in its opitons,
such as the inablity to filter a port both in/out bound - you have to
do one for each. The limited number of rules that can be established,
terrible logging (hard to read), and no feedback in real time as to
what has been blocked or why something has been denied. Could you
recommend another alternative firewall that might do better in these
areas? I have read about Sonic SOHO3, is that a good one? Thanks for
your help and advise.

On Sat, 08 Mar 2003 22:58:20 GMT, "David" <davidwnh@adelphia.net>
wrote:

>It could be done however I don't know that anyone is currently doing it. To
>pull off properly you would still need a client agent on each desktop that
>is responsible for identifying and more importantly validating that each
>application is truly what it is supposed to be. The closest I have seen to
>this in a dedicated hardware device implement filters at the application
>level but do not truly control things as per specific program executable.
>They are basically filtering the application data within the packets. Take a
>look at the CyberGuard KnightStar on the web. Even this is truly just a SCO
>Unix box underneath with a specific application suite installed. It seems
>that such an appliance would simply end up being a souped up pc with a
>jacked-up price tag. At that point I would much rather build my own scalable
>solution that is tuned and configured for my specific needs and does not
>hold me hostage to the firmware developers of the appliance.
>
>The biggest advantage to using a hardware device is performance. Filtering
>with an application gateway can impose quite a performance hit so it is best
>done on servers which are easily upgraded, clustered, and easily integrated
>with other types of access control which are often platform specific.
>
>Your best bet these days might be to set up dedicated application gateway
>server and in addition use a relatively inexpensive but efficient packet
>filtering device at the perimeter to take care of the majority of the
>unsolicited traffic and to keep the load of certain DOS attacks off of the
>application gateway. ISA server provides a great application gateway if you
>are in a windows specific environment. You would still need something on
>each desktop to validate the executables to get to the level of application
>protection provided by some of the personal firewalls, however I don't know
>of anything that works in real-time and also allows for exclusive
>centralized management. You can use something like ISS's real secure agents,
>however this leaves some of the management in the hands of the end user if
>the desktops are not static as far as installed applications are concerned.
>And the frequency of security patches these days throws that notion right
>out the window. There are other ways to go about this though.
>
>All in all through a combination of software products you can get very close
>to the application control provided for in some of the personal firewalls
>while taking the administration of such control off the individual desktop.
>And your other firewall functionality will far surpass what any of these
>personal firewalls provide. I suspect the administrative control issue is
>the whole point of doing such since it is otherwise pointless to consolidate
>some of the processor use centrally.
>
>This reminds me of a fairly new IBM commercial. "There is no universal
>adapter".
>There is no magic box for this however there is a way to put much of it on
>centrally managed servers.
>
>> A software firewall resides on your PC. As such it can offer the ability
>to
>> filter the application(s) on your PC that are responsible for using a
>> specific port or ports.
>>
>> OTOH a hardware firewall is a physically separate device from your PC. As
>> such it does not have the ability to know what application on your PC are
>> responsible for using a specific port or ports.
>>
>> While I could be mistaken I think the best that you can probably do would
>be
>> to implement a hybrid firewall that offers application layer filtering and
>> even this is not the same as what you're looking to accomplish.
>>
>> > Help/advise finding the following SOHO firewall:
>> >
>> > I would like to purchase a Hardware fire wall that will let me filter
>> > (allow/deny/ask) by application and port just like software firewalls
>> > do. I would also like to prompt me just as the software firewalls do
>> > when it intercepts incomming and outgoing traffic that it does not
>> > have a specific rule for. Of course most bang for the buck, but
>> > without sacrificing the above requirements.
>> >
>> > Thanks.
>>
>>
>



Relevant Pages

  • Re: Help! Can I do this for under $400?
    ... >firewall, and I have being so dissappointed about the crap they sell at ... >stores like Best Buy CANNOT do address filtering. ... >> B. Public to access any of the web servers using only port 80 or SSL ...
    (comp.security.firewalls)
  • Re: Help! Can I do this for under $400?
    ... >filtering, is missing. ... According to the FAQ of a firewall group, ... >destination addresses and port numbers. ... We have 3 web servers on the LAN ...
    (comp.security.firewalls)
  • Re: How do I block just one port from being listened to on my server
    ... Blocking one port isn't the answer. ... Blocking these with TCP/IP filtering or IPSec ... > Those people who complain about a firewall blocking their chat would have ...
    (microsoft.public.security)
  • Re: Help! Can I do this for under $400?
    ... Unless, I miss some something, a key firewall functionality, address ... filtering, is missing. ... destination addresses and port numbers. ... We have 3 web servers on the LAN ...
    (comp.security.firewalls)
  • Re: Remote Admin Tools source code for Delphi 4,5,6 & 7
    ... this way I guess the traffic is outbound form the client to ... be remoted and opens up a channel on the firewall. ... the actual client you are going to remotely control. ... all using the same configuration and one Port on your machine. ...
    (borland.public.delphi.thirdpartytools.general)