Firewall Wizards mailing list archives
Re: Secure Computing Sidewinder?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 11 Jun 2008 13:43:24 -0400 (EDT)
On Tue, 10 Jun 2008, Paul Hutchings wrote:
When I looked, replacing the ISA Server actually would cost more than a 210E. Now granted the 210E is the baby of the range, but looking
Last time I played with ISA, it wasn't an application-layer gateway, it was a bastardized SOCKS circuit-layer gateway. That means it was doing more to enforce what connected than what went through it.
I am also impressed with the Sidewinders credentials, I was googling
There was a school of thought (and I was in it for a long while, though not particularly on the Sidewinder implementation) that said that you had to trust your firewall and ensure it couldn't be used to harm your network, and it couldn't be compromised if you wanted to handle different users differently. That meant trusted systems implementations. Sidewinder does a good job of that, unfortunately in the real world, people decided they'd let pretty-much anything tunnel through their firewalls to pretty-much any client[1]- so the firewall couldn't ever be the weak link, and therefore didn't need to be that difficult to write, validate and administer. Plus they decided things like calander applications and MS's single sign on beat protecting their servers. So despite the better security model of a proxy, packet filters pretty much won the day. Paul [1] The only redeeming feature I saw of using ISA was enforcing what client programs could connect to it, but SRPs are a better way to enforce that IMO, and I'd still be wary of not shielding one with another system. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://www.fluiditgroup.com/blog/pdr/ Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Secure Computing Sidewinder? Paul Hutchings (Jun 10)
- Re: Secure Computing Sidewinder? ArkanoiD (Jun 10)
- Re: Secure Computing Sidewinder? K K (Jun 10)
- Re: Secure Computing Sidewinder? Paul Hutchings (Jun 11)
- Re: Secure Computing Sidewinder? Paul D. Robertson (Jun 11)
- Re: Secure Computing Sidewinder? Paul Hutchings (Jun 12)
- Re: Secure Computing Sidewinder? lordchariot (Jun 13)
- Re: Secure Computing Sidewinder? Paul Hutchings (Jun 11)
- Re: Secure Computing Sidewinder? Keith A. Glass (Jun 11)
- Re: Secure Computing Sidewinder? Paul D. Robertson (Jun 11)
- Re: Secure Computing Sidewinder? K K (Jun 11)