Security Basics mailing list archives
Re: Application Firewall
From: Adriel Desautels <adriel () netragard com>
Date: Fri, 18 Jul 2008 11:50:04 -0400
Honestly,Apache with mod_security setup as a reverse proxy is quite good. I've used that particular configuration in many instances and I have no complaints what so ever. You can build it yourself, or you can get an appliance from the ModSecurity folks. I HIGHLY recommend this solution.
http://www.modsecurity.org/ Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC. Office : 617-934-0269 Mobile : 617-633-3821 http://www.linkedin.com/pub/1/118/a45 Join the Netragard, LLC. Linked In Group: http://www.linkedin.com/e/gis/48683/0B98E1705142 --------------------------------------------------------------- Netragard, LLC - http://www.netragard.com - "We make IT Safe" Penetration Testing, Vulnerability Assessments, Website Security Netragard Whitepaper Downloads: ------------------------------- Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know : http://tinyurl.com/26pjsn Bryan S. Sampsel wrote:
Sidewinder from Secure Computing is an excellent application-proxy firewall. So is Borderware. IPCOP has aspects that qualify. No, the ASA is a packet filter only firewall. It's quite good at what it does, but it does not handle the application layer. And no, deep packet inspection does not qualify. O'Reilly made an awesome firewall book that you should read. It's a little dated, but the concepts are solid: Building Internet Firewalls. For most of 'em, you'll need some coin. Neither Sidewinder nor Borderware come cheap. IPCOP is ok for a SOHO setup, perhaps as many as 25 users...not sure beyond that. But it's not engineered to be an enterprise solution...though I'm sure someone has created a flavor of it that is. Application proxy firewalls do give you some additional protection over straight packet filter firewalls. If you're talking a massive enterprise, it takes more hardware to drive it as well, as there is some footprint increase because of the proxies themselves. However, when a user goes out through a proxy, a hardened IP stack protects them, as no direct connections are made between client and remote end. With a packet filter, the client talks directly to the remote end. Hope that helps a bit. Sincerely, Bryan S. Sampsel LibertyActivist.org ams.sec () gmail com wrote:Hi everyone, Can anyone please list out some name of application level firewalls. Would Cisco ASA qualify as a application firewall? I have heard it needs certain addons to provide application screening functionality. Thanks a zillion. Ams
Current thread:
- Application Firewall ams . sec (Jul 18)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 18)
- Re: Application Firewall Bryan S. Sampsel (Jul 21)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 22)
- Re: Application Firewall Sanjay R (Jul 31)
- Re: Application Firewall Bryan S. Sampsel (Jul 21)
- Re: Application Firewall Adriel Desautels (Jul 18)
- Re: Application Firewall Ivan . (Jul 21)
- Re: Application Firewall Bryan S. Sampsel (Jul 18)
- Re: Application Firewall Adriel Desautels (Jul 21)
- Re: Application Firewall Paul Wong (Jul 27)
- Re: Application Firewall Adriel Desautels (Jul 21)
- <Possible follow-ups>
- Re: Application Firewall Kyu Kwak (Jul 21)
- RE: Application Firewall Roni Bachar (Jul 30)
- Re: Re: Application Firewall antman84ca (Jul 21)
- Re: RE: Application Firewall anonymous (Jul 31)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 18)