Re: Security Appliance With 12 Network Segments



In article <io4gno$5qq$1@xxxxxxxxxxxxxxxxx>, news2009@xxxxxxxxx says...

On Tue, 12 Apr 2011 20:41:14 -0400, Leythos wrote:

In article <inv86d$s9c$1@xxxxxxxxxxxxxxxxx>, news2009@xxxxxxxxx says...

On Fri, 08 Apr 2011 23:12:31 -0400, Leythos wrote:


Our firewall appliances AV check HTTP inbound and outbound between
networks and external connections, dropping any connection that
presents an AV or IPS violation.

Dream on, encrypted payload within a https connection is not
detectable, whatever magic product you're using it looks for all of
those like a valid https connection.
Depends on the config of the IPS, but mostly you can escalate a
false-positive to many IPS with a spoofed IP address which gets then
blocked, in this case you might DOS yourself.

There are many other things you can do to help prevent an infected
server from spreading malware.

Cool, what is it? And why is it still possible to bypass AV products
with packed and encrypted binaries? Did I miss something?

We don't pass files that can't be inspected, we block executable files,
zip files that are password protected, etc...

I see, so users can't download binaries in your network then, correct?
So I would need to find a way that somebody within your company uses my
prepared USB stick or something similar.
Other than that, I like your setup :).
cheers

We disable USB and CD/DVD drives except on select machines. We also have
DHCP set up so that it only provides addresses based on MAC addresses.

We're not perfect, but we've gone decades with only 1 compromised
machine.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@xxxxxxxxxx (remove 999 for proper email address)
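
The file policy described in the thread (block executables, block password-protected zip files, pass nothing that cannot be inspected), sketched as an added example that is not part of the original posts and is not any appliance's actual logic. The names `verdict` and `sample_zip` and the sample files are constructed for illustration.

```python
import io
import struct
import zipfile

# Leading magic bytes of native executables: PE/DOS and ELF.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")

def verdict(data: bytes) -> str:
    """Return 'pass' or 'block:<reason>' for one transferred file body."""
    if data.startswith(EXECUTABLE_MAGIC):
        return "block:executable"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "pass"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # General-purpose flag bit 0 marks an encrypted entry, which
                # the scanner cannot inspect, so the whole archive is refused.
                if info.flag_bits & 0x1:
                    return "block:encrypted-zip"
                with zf.open(info) as member:
                    if member.read(8).startswith(EXECUTABLE_MAGIC):
                        return "block:executable-in-zip"
    except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
        # Fail closed: an archive that cannot be read is not passed.
        return "block:uninspectable-zip"
    return "pass"

def sample_zip(name: str, payload: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed test archive; optionally mark it as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the central directory header (offset 8).
        pos = raw.find(b"PK\x01\x02")
        flags = struct.unpack_from("<H", raw, pos + 8)[0]
        struct.pack_into("<H", raw, pos + 8, flags | 0x1)
    return bytes(raw)

if __name__ == "__main__":
    for label, body in [
        ("setup.exe", b"MZ\x90\x00" + b"\x00" * 60),
        ("notes.zip", sample_zip("notes.txt", b"quarterly notes")),
        ("locked.zip", sample_zip("notes.txt", b"quarterly notes", True)),
        ("tools.zip", sample_zip("tool.bin", b"\x7fELF\x02\x01\x01")),
    ]:
        print(f"{label}: {verdict(body)}")
```

The check only applies to content the gateway sees in cleartext, which is the limit the HTTPS objection in the thread points at.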