Re: AltaVista Firewall

["Matthew J. Harmon" <mjh () itys net>]

Thank you for the in depth email, the files in the follow-up email are 
great, thank you!

Additional reply inline:

Bruce Platt wrote:

> Previous posters are correct, this was sold to Axent and a maintenance
> release named Raptor-EC was issued four or five years ago.
>
> I worked on a few of the original versions on both Win/NT and Digital Unix
> in the '97 and '98 timeframe.
>
> Also correct is the statement that your client should get off of this and
> onto something more modern as soon as possible.

Already in the works.

> As far as set up and management is concerned:  (and I am going only from
> hazy memory)
>
> 1. Through a web-browser running as part of the fw software.

An early version of netscape.

> 2. Application layer proxies for http, smtp, finger, etc.  One feature of
> the smtp proxy is that it holds the mail if the internet net smtp server
> goes off the air.  Packet Filtering capabilities as well.

From what I've heard from other engineers, the configuration is quite 
similar (in practice, and in effect) to modifying /etc/inetd.conf and 
commenting out services?

> 3. None of the modern features we have come to expect. ( :-) ).  There is
> little inspection of the application traffic running through the proxy, no
> ability to do things like implement rbl checks, etc.
> 4. All configuration information is saved in text files (I am sure about
> this on the Unix version, and I think this is so on the Win/NT version.)
> So, you can look for "config" files in the likely place (the install
> directory of the sw), and look around in them.  I would stay away from
> messing with them outside of the browser UI

One of the reasons I'm looking for so much detailed information is 
automating the configuration process.

> I have a copy of the documentation which I will send to Matthew under
> separate cover.  He can provide it to others if he chooses

In the process of revamping my website (http://itys.net/) however I will 
make these available shortly under http://itys.net/infosec/

> As an interesting historical note.  The AltaVista Firewall product grew from
> work which was originally done at DEC by Marcus Ranum and a few others when
> he worked with Fred Avolio back in the late 80's and early 90's.  I had the
> pleasure of knowing them then.  They had the vision to know that the
> marketplace needed a "real" firewall product.  So, they and a few others
> built one.  The AltaVista FW product was intended to be an easy to use
> "gadget" which didn't really need the skills of a sophisticated security
> professional to install configure and deploy.  
>
> Digital created an entire product line around the Search Engine, the
> Firewall, and some other things, pieces of which were sold off as the
> Company required cash to keep running after serious management blunders in
> the 90's and before it was acquired by Compaq.

Thanks for the information.

> +---------------------------------------+
> Bruce B. Platt, Ph.D.
>
>
>
> > -----Original Message-----
> > From: Matthew J. Harmon [mailto:mjh () itys net]
> > Sent: Tuesday, June 08, 2004 10:50 PM
> > To: firewall-wizards () honor icsalabs com
> > Subject: [fw-wiz] AltaVista Firewall
> >
> >
> > I recently entered an client engagement and they are using 
> > the AltaVista 
> > Firewall (migrating away, but still need support).  About 
> > five years ago 
> > I very briefly worked with this product (Digital -> 
> > Compaq/HP) which now 
> > appears to have no support, the digital.com website for their 
> > software 
> > (altavista.software.digital.com) is gone, the compaq website only has 
> > product information (no technical documentation) and the support tech 
> > (last ditch effort!) I talked to argued with me for ten minutes about 
> > how AltaVista is a search engine and not a firewall.
> >
> > So far, my only luck has been the wayback machine, which has even 
> > provided me little information.
> >
> > At this point, I am tossing myself at the mercy of those who may have 
> > experience with this firewall and perhaps documentation saved around 
> > somewhere?  Or even a quick write up would be great.  With 
> > permission, I 
> > will make a quick AltaVista Firewall 101 FAQ.
> >
> > Thanks for any help you can provide!
> >
> > -Matthew
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards () honor icsalabs com
> > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards