Firewall Wizards mailing list archives
RE: Application Proxy/L7 Firewall Recommendation?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Mon, 9 Sep 2002 09:52:32 -0400 (EDT)
On Mon, 9 Sep 2002 ark () eltex ru wrote:
Microsoft ISA Server <gasp, he didn't really mention a non-*nix based product, much less a Microsoft product did he> :-) Actually, you really can use Microsoft ISA Server for this in various configurations.
As well as any other firewall system. No ISA advantages here.
Actually, the client coupling may be considered an advantage in some cases. Depending on your desktop environment, it may be a significant advantage - such as if you've permissioned desktop users away from installing and renaming software.
Blocking Instant Messenger and other apps - article assumes that you are running the ISA client software: http://www.isaserver.org/pages/article.asp?id=215
There are 2 techniques described here: blocking by Windows executable name - trivial and trivial to bypass
AFAIK, ISA is the only non-"PC firewall" product that does this. It doesn't matter that it's trivial to bypass in some instances... For instance, it may be very useful for policy enforcement - anyone who "doesn't know" the policy will create a denied log entry and can be suitably chastised by the policy police who come a waving their CISSP badges. Anyone who purposefully renames executables is definitely on the list of "knowingly violating the policy" and can get scheduled for their HR appointment or outprocessing briefing.
blocking by destination IPs - ...
Also, it looks like the hard core content filtering may come best via partners running on top of ISA, for example GFI: http://www.microsoft.com/isaserver/partners/contentsecurity.asp You can also use URLscan to do content filtering, but it is not officially supported (MS really pushes the partners to do this function the "right" way). If you want more info, check out www.isaserver.org. It is a really good ISA reference site.
None of those will do things requested by original poster.
Sure they will, they just do it in a different way, and depend upon other environmental issues. That we don't *know* the original poster's environment makes it all the more important that the choice be presented.
(actually there is no reliable way to do, though technique implemented in zorp seems to be the best)
Ah, but if I had to do this, I'd sure look at a layered implementation that included ISA on the inside to catch the folks who get to have an enforced policy reading session and zorp on the outside to go after the ones who are seeking other career opportunities. In fact, the more I think about it, the more I like being able to differentiate between the casual "lemme try clicking and see if it works" policy violator and the active "I'm going to rename stuff and run this anyway" one.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact."
proberts () patriot net
probertson () trusecure com
Director of Risk Assessment
TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards