WebApp Sec mailing list archives

Re: web application security products (AKA application firewalls)


From: Dave Aitel <dave () immunitysec com>
Date: Sun, 24 Nov 2002 16:38:34 -0500

The only thing more annoying than a customer getting dropped is
customers getting _randomly_ dropped because they seem to be anomalies.
:>

Linux boxes are cheap, especially compared to having to do forensics and
complete reinstalls every time a new IIS bug comes out, not to mention
having to tell your customers and investors that everything they did
over that application was probably sniffed by an intruder, but you can't
prove it. (You probably WON'T tell them that, but it will be true.)

Dave Aitel
Immunity, Inc.


On Fri, 22 Nov 2002 10:09:45 -0800
securityarchitect () hush com wrote:


I have only looked at them all in brief. When my management found out
we were gonna stick a box between us and our customers that may stop a
legitimate customer coming in, it got dropped like a lead balloon.

I have heard some horror stories of new applications coming online
that aren't classically written that get blocked. One has problems
with anything where you make changes in any way client-side (read if
you have Javascript or vbscript avoid like the plague). 

The proxy-based ones are in my opinion the worst idea. The throughput
of them is pretty bad; they can't deal with load balancing well (Cisco
Director). The throughput issue is the big one. They are usually based
on a single Linux box and so just don't scale. If you wanna see SSL
they also have to decrypt SSL and so are effectively a choked router.

If I were you and money is no object, look at one of the new hardware
based IDS's that do anomaly detection. When it sits on the network and
knows the normalized packet characteristics, they pretty easily spot
weird behaviour.


On Wed, 20 Nov 2002 00:21:21 -0800 Shimon Silberschlag
<shimons () bll co il> wrote:
What is the group experience with these type of devices? Any good, bad
or horror stories about using/maintaining them? Any specific
recommendations?

I know the charter doesn't really cater for discussion of commercial
tools so please keep answers generic and objective.

Shimon Silberschlag

+972-3-9352785
+972-51-207130
