RE: Are Proxy Firewalls a Security Hole?

[Dan Lynch <DLynch () placer ca gov>]

> Given that people are sending larger and larger files, proxy firewalls
> seem to be limited since they can't inspect files after a certain
> point and the 'stream', 'flow', 'express' AV options of many of the
> proxy firewall vendors inspect only a portion of the large file. I've
> been able to put the Eicar virus in different locations of a large
> test file and successfully get the file through the firewall.
>
> So, are proxy firewalls a security hole?

Everything's a "security hole". Since every security precaution is a compromise, there are ways to bypass any of them. 
What's important is to consider the likelihood of one of those compromises being exploited, the value of the resources 
being protected, and the cost of closing the gap.

In your example, the vast majority of threats being protected against by perimeter proxy AV are tiny files - some html 
code, a script, etc. Capping AV scanning at say, 10 MB eliminates most threats, while preserving AV system resources. 
The risk of a malicious file hiding inside an 11 MB zip is real, but small enough to delegate off to desktop AV. 
Defense in depth.


Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------