Firewall Wizards mailing list archives

SANS Top Ten and Commercial Firewalls


From: Gary Flynn <flynngn () jmu edu>
Date: Wed, 02 Oct 2002 14:27:45 -0400


Being efficient (as opposed to being lazy :) I thought
I'd pose a question here to a body of folks familiar with
the firewall marketplace rather than scour individual 
commercial web sites where details are often rare.

Of the SANS "Twenty Most Critical Internet Security 
Vulnerabilities" ( http://www.sans.org/top20 )
how many are addressed by the majority of commercial 
firewalls without resorting to blocking the associated 
port and service entirely?

In other words, how many of them can detect and block
things like:

W1. IIS malicious requests for cmd.exe and sample files
    and buffer overflows.
W2. Requests for MDAC access
W3. Malicious SQL Server requests based on patched defects or
    sa access without a password.
W5. Null NetBIOS access (as opposed to all NetBIOS access)
W6. NetBIOS sessions based on LM Hash.
W7. NetBIOS sessions to accounts with no passwords.
W8. Malicious HTTP responses exploiting IE defects.
W9. Remote Registry Access
U1. Malicious RPC calls
U2. Malicious HTTP calls to Apache web servers exploiting the
    OpenSSL or Apache chunk handling defects.
U3. Malicious SSH requests exploiting SSH defects.
U4. Malicious SNMP requests or requests with the community
    name blank or equal to "public".
U5. Malicious requests to FTP servers exploiting wu-ftp defects.
U7. Malicious requests to the line printer daemon.
U8. Malicious requests to sendmail.
U9. Malicious requests to bind.

I know there will be variances and subsets but I was hoping
to get some kind of general feeling for the overall coverage.
If you know of a better place to pose the question, please
let me know.

thanks,

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe