RE: Distributed Firewall

["Ken Kousky" <kkousky () ip3inc com>]

If I understand your question, I think you're describing what Zone Labs
(www.zonelabs.com/integrity) does in managing their distributed
workstation firewalls. This is a vital approach since most nets have
extended their perimeters to include wondering remotes.

I was in the lobby of a major hotel in SF last week during RSA and
watched an SE from a leading industry vendor sniffing wireless traffic
from many competitors. Assuming that we've all become this causal about
protecting our wondering systems, it reasonable to expect exposures from
wondering PCs will only grow rapidly.

It's essential that organizations look at the central management of
workstation firewalls since their active management is not appropriately
or adequately addressed by users.

KWK

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Wednesday, April 23, 2003 1:11 PM
To: 'Kendric'; security-basics () lists securityfocus com
Subject: RE: Distributed Firewall

> -----Original Message-----
> From: Kendric [mailto:Kendric () hotpop com]
>
> Hi, just wondering if any of you guys heard of this concept 
> of distributed
> firewall? I have done some research on it and found it to be quite a
> wonderful concept into bringing the firewall platform to each 
> client/server
> end with a central management policy. In other words, it is 
> like having a
> personal firewall on each individual machine, but centrally 
> managed by a
> remote management console. In this way, we will not have to 
> put any trust
> even on the machines on the intranet. Any comments?

  I think the idea probably has some merit as part of a "defence
in depth" approach.
  But I don't think it's sufficient on its own, because the
resources that need to be protected do not exist just on the
individual machines.  The network which connects them -- upon
which this approach DEPENDS rather heavily! -- lies outside 
the boundary of what can be protected this way.

  A network which includes both gateway firewalls and individual 
host security is going to be a harder nut to crack than a network
that relies on only one or the other approach.  And centralised
administration of individual-host firewalls is an idea whose time
is surely here.

David Gillett



------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam,
the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by
professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no
vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today
to 
ensure your place.
http://www.securityfocus.com/BlackHat-security-basics 
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics 
----------------------------------------------------------------------------