Security Basics mailing list archives
Re: Are Proxy Firewalls a Security Hole?
From: Dav Fisher <dfisher3202 () gmail com>
Date: Fri, 1 Jun 2012 14:40:49 -0700
First, thanks for all the great responses! I'll respond to several emails at one time: Use of EICAR in the middle of a file: If you proxy the entire file, and the file size is within the acceptable limit of the firewall, no problem, the virus is detected. Several firewalls have specific configurations as to whether to detect EICAR or not, so you must configure the firewall properly. Also used live stuff beside EICAR, same result. So, the basis for the test is that the file you use must be detectable when in full proxy mode and not when using a stream-based method. In this case, we are using large files, but are under the maximum allowed for the particular model. Proxy firewalls and large files in general: Viruses are usually small, but when embedded in large files, can be passed through without detection. If this is not a big deal, why are companies like Fortinet, Juniper, Watchguard, etc. pushing stream based AV/IPS/AS type technology? Fortinet claims the fastest firewall in the world based on SPI. Yet when Proxy AV is turned on, performance takes a nose-dive. So they push 'FlowAV'. But from a marketing stance, still not noteworthy. So, given that the Internet is getting faster and larger amounts of data are being sent, I am suggesting proxy technology has hit a wall and opening a major security hole. Yes, there are security holes everywhere, but this will open a really nasty one. Again, thanks for all the responses! ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: Are Proxy Firewalls a Security Hole? Dan Lynch (Jun 01)
- <Possible follow-ups>
- Re: Are Proxy Firewalls a Security Hole? Rob (Jun 01)
- Re: Are Proxy Firewalls a Security Hole? Stephanus J Alex Taidri (Jun 01)
- Re: Are Proxy Firewalls a Security Hole? Dav Fisher (Jun 04)
- RE: Are Proxy Firewalls a Security Hole? David Harley (Jun 01)
- Re: Are Proxy Firewalls a Security Hole? Kurt Buff (Jun 01)