Security Basics mailing list archives
Re: Application Firewall
From: Paul Wong <wongpk () starhub net sg>
Date: Mon, 28 Jul 2008 00:04:40 +0800
yes, I fully agreed with you, I have seen such configuration before, is very neat.
Cheers----- Original Message ----- From: "Adriel Desautels" <adriel () netragard com>
To: "Bryan S. Sampsel" <bsampsel () libertyactivist org> Cc: <ams.sec () gmail com>; <security-basics () securityfocus com> Sent: Friday, July 18, 2008 11:50 PM Subject: Re: Application Firewall
Honestly, Apache with mod_security setup as a reverse proxy is quite good. I've used that particular configuration in many instances and I have no complaints what so ever. You can build it yourself, or you can get an appliance from the ModSecurity folks. I HIGHLY recommend this solution. http://www.modsecurity.org/ Regards, Adriel T. Desautels Chief Technology Officer Netragard, LLC. Office : 617-934-0269 Mobile : 617-633-3821 http://www.linkedin.com/pub/1/118/a45 Join the Netragard, LLC. Linked In Group: http://www.linkedin.com/e/gis/48683/0B98E1705142 --------------------------------------------------------------- Netragard, LLC - http://www.netragard.com - "We make IT Safe" Penetration Testing, Vulnerability Assessments, Website Security Netragard Whitepaper Downloads: ------------------------------- Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know : http://tinyurl.com/26pjsn Bryan S. Sampsel wrote:Sidewinder from Secure Computing is an excellent application-proxy firewall.So is Borderware. IPCOP has aspects that qualify. No, the ASA is a packet filter only firewall. It's quite good at what it does, but it does not handle the application layer. And no, deep packet inspection does not qualify. O'Reilly made an awesome firewall book that you should read. It's a little dated, but the concepts are solid: Building Internet Firewalls.For most of 'em, you'll need some coin. Neither Sidewinder nor Borderwarecome cheap. IPCOP is ok for a SOHO setup, perhaps as many as 25users...not sure beyond that. But it's not engineered to be an enterprisesolution...though I'm sure someone has created a flavor of it that is. Application proxy firewalls do give you some additional protection overstraight packet filter firewalls. If you're talking a massive enterprise,it takes more hardware to drive it as well, as there is some footprintincrease because of the proxies themselves. However, when a user goes outthrough a proxy, a hardened IP stack protects them, as no directconnections are made between client and remote end. With a packet filter,the client talks directly to the remote end. Hope that helps a bit. Sincerely, Bryan S. Sampsel LibertyActivist.org ams.sec () gmail com wrote:Hi everyone,Can anyone please list out some name of application level firewalls. Would Cisco ASA qualify as a application firewall? I have heard it needs certainaddons to provide application screening functionality. Thanks a zillion. Ams---------------------------------------------------------- This email has been scanned for viruses by StarHub e.Scan.
---------------------------------------------------------- This email has been scanned for viruses by StarHub e.Scan.
Current thread:
- Application Firewall ams . sec (Jul 18)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 18)
- Re: Application Firewall Bryan S. Sampsel (Jul 21)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 22)
- Re: Application Firewall Sanjay R (Jul 31)
- Re: Application Firewall Bryan S. Sampsel (Jul 21)
- Re: Application Firewall Adriel Desautels (Jul 18)
- Re: Application Firewall Ivan . (Jul 21)
- Re: Application Firewall Bryan S. Sampsel (Jul 18)
- Re: Application Firewall Adriel Desautels (Jul 21)
- Re: Application Firewall Paul Wong (Jul 27)
- Re: Application Firewall Adriel Desautels (Jul 21)
- <Possible follow-ups>
- Re: Application Firewall Kyu Kwak (Jul 21)
- RE: Application Firewall Roni Bachar (Jul 30)
- Re: Re: Application Firewall antman84ca (Jul 21)
- Re: RE: Application Firewall anonymous (Jul 31)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 18)