Full Disclosure mailing list archives
RE: Sidewinder G2
From: "Paul Niranjan" <niranjan () tasintegrators com>
Date: Tue, 18 Nov 2003 12:59:12 +0530
Comments please

Secure Computing Sidewinder G2 Firewall Stops New High-Profile Sendmail Attack

Secure's Sidewinder G2 Firewall with Patented Type Enforcement Technology Prevents Sendmail Attack Warned About in CERT Advisory CA-2003-07 - No Emergency Security Patches Required

SAN JOSE, Calif., March 10, 2003 - Secure Computing Corporation (Nasdaq: SCUR), the experts in protecting the most important networks in the world, today announced that the Sidewinder® G2 Firewall™ and VPN gateway continues to prove itself to be the world's strongest firewall in the face of another high profile attack directed at a basic component of the Internet's infrastructure. The software vulnerability, along with the related attack, worst case outcome, and recommended response was reported by the Computer Emergency Response Team (CERT) at Carnegie Mellon University in CERT advisory CA-2003-07.

The attack targets vulnerabilities in e-mail transfer servers, called Sendmail servers. Sendmail is the cornerstone application on the Internet used for moving billions of e-mail messages daily. More than half of the large ISPs and Fortune 500 companies use Sendmail, as well as Governments around the world.

The Sidewinder G2 Firewall, protected by Secure Computing's patented Type Enforcement® technology, is fully capable of defending itself against this attack without incident and will continue passing only legitimate mail messages on to internal mail servers. Furthermore, if a mail message containing this attack is processed on the Sidewinder G2 Firewall for mail-forwarding services, the malicious 'attack code' embedded in the message is automatically manipulated, rendering the attack benign before the Sidewinder G2 Firewall delivers it to any internal Sendmail servers. Weaker stateful inspection firewalls that often claim speed as their number one value proposition will pass the malicious code in question directly through to internal mail servers.

"Secure Computing's Sidewinder G2 Firewall offers a defense against Sendmail attacks because it contains an embedded SecureOS™ operating system, application proxy architecture, and its own secure Sendmail server," said Charles Kolodgy, research director, Security Products at IDC. "Even more significant is Sidewinder's potential to defend against possible Sendmail attacks without any patches."

This high profile attack is very dangerous as it can be used to take complete root control of Sendmail servers, thus giving the attacker a strong foothold on internal networks from anywhere across the Internet. Since the attack is message-oriented (application layer) as opposed to connection-oriented (packet layer), only Layer 7 application firewalls like the Sidewinder G2 Firewall can stop the attack at the perimeter. In addition, Sidewinder's natively embedded intrusion detection, real-time forensics, and automated alerting system called Strikeback® would trigger multiple security alarms in the case of this remote buffer overflow Sendmail attack.

"Most organizations that run traditional stateful inspection firewalls, and companies that manufacture them, are looking at very serious security risks and reactive, preventive, steps to remove those risks," said Mike Gallagher, vice president and general manager of the network security division at Secure Computing. "Sidewinder G2 customers, however, have no panic situation occurring because they know that Sidewinder's hybrid architecture renders this attack useless against both the hosted Sendmail services on Sidewinder G2 and any targeted Sendmail services behind the firewall."

A typical countermeasure to this class of attack for organizations that don't have hybrid, high-security firewalls like the Sidewinder G2 Firewall, is to apply and test emergency security patches on all vulnerable Sendmail servers. This react-and-patch cycle is very costly and disruptive.

Secure's firewall customers have been sent a reassuring letter notifying them about the details of this vulnerability and reiterating that there is no need for emergency security patches. Secure refers to its patented high-security firewall design as multi-layered defense-in-depth security because it protects against both known and unknown vulnerabilities.

About Secure Computing

Secure Computing (Nasdaq: SCUR) has been protecting the most important networks in the world for over 20 years. With broad expertise in security technology, we develop network security products that help our customers create a trusted environment both inside and outside of their organizations. Our global customers and partners include the majority of the Dow Jones Global 50 Titans and the most prominent organizations in banking, financial services, healthcare, telecommunications, manufacturing, public utilities, and federal and local governments. The company is headquartered in San Jose, Calif., and has sales offices worldwide. For more information, see http://www.securecomputing.com.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michael Gale
Sent: 18 November 2003 04:14
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Sidewinder G2

Hello,

I agree, a Firewall should not be running any non-needed services, that is why you have a DMZ or SSN. To place your mail, DNS and other servers that require Internet access.

I believe two of the most secure firewalls are Cisco Pix and the BorderWare Firewall. Cisco does not offer any services and Borderware offers a few for small business and are very restrictive.

I suggest you get your money back -- I would rather take a Linux box with lids (Linux Intrusion Detection System [ www.lids.org ]) than the Sidewinder.

Michael.

On Mon, 17 Nov 2003 15:40:01 -0500 Shawn McMahon <smcmahon () eiv com> wrote:

Daniel Sichel wrote:

"Host the DNS and sendmail servers directly on your firewall. The operating system should be better protected against a wide-range of exploits."

Implementing two of the most common targets of exploit sort of eliminates the usefulness of that "better" protection. Return their product and get your money back.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html