Re: outbound filtering

Sebastian Gottschalk, 12/26/2006,5:46:04 PM, wrote:

badgolferman wrote:

Jim Ford, 12/26/2006,3:32:22 PM, wrote:

He obviously knows a lot about security

Maybe not. If he really knew a lot about security he would be
willing to offer advice. I'd say he knows a lot about arrogance.

Actually this one rather belongs much more to a meta discussion. Your
problem is not a concrete security problem, but the lack of concept
and knowledge. Offering concrete advice won't solve this more
fundamental problem.

And I've pointed out some concrete consequences of this problem:

- NAT routers aren't firewall or security devices.
- Monitoring connections doesn't require extensive packet filters with
state machines, but just standard operating system tools requesting
such information directly from the OS.
- Outbound filtering doesn't work. Never did, never will, beside the
wishes because it would be nice if it actually worked. And the reason
is inter-process communication, some feature that you wouldn't like
to miss either.

Thank you for the informative response.
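
The second point in the list above (connection monitoring needs only information the OS already exposes) can be shown with a short sketch. This is an added example, not part of the thread; it assumes a Linux host, where the kernel publishes its IPv4 TCP table as text in /proc/net/tcp, and a little-endian machine. The sample table is constructed.

```python
import socket
import struct

STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout, using documentation addresses.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:C000 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
   2: 0A0200C0:C002 076433C6:0050 06 00000000:00000000 03:00000A5C 00000000     0        0 0 3 0000000000000000
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the address as a native-endian 32-bit word;
    # "<I" assumes a little-endian host (assumption of this example).
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def parse_tcp_table(text):
    """Parse the table into dicts; the header and short lines are skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue
        rows.append({
            "local": decode_endpoint(parts[1]),
            "remote": decode_endpoint(parts[2]),
            "state": STATES.get(parts[3], parts[3]),
            "uid": int(parts[7]),      # owner of the socket
            "inode": int(parts[9]),    # socket inode, 0 once no process owns it
        })
    return rows

def established(rows):
    """Connections that are currently open to a remote peer."""
    return [r for r in rows if r["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed table off Linux
    for r in established(parse_tcp_table(text)):
        print("%s:%d -> %s:%d uid=%d inode=%d" % (*r["local"], *r["remote"], r["uid"], r["inode"]))
```

The table is a snapshot read from the kernel, so no packet filter or connection-tracking state machine is involved in producing it.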
