Security Basics mailing list archives

Re: Are Proxy Firewalls a Security Hole?


From: Dav Fisher <dfisher3202 () gmail com>
Date: Fri, 1 Jun 2012 14:40:49 -0700

First, thanks for all the great responses!

I'll respond to several emails at one time:

Use of EICAR in the middle of a file: If you proxy the entire file,
and the file size is within the acceptable limit of the firewall, no
problem, the virus is detected. Several firewalls have specific
configurations as to whether to detect EICAR or not, so you must
configure the firewall properly. Also used live stuff besides EICAR,
same result. So, the basis for the test is that the file you use must
be detectable when in full proxy mode and not when using a
stream-based method. In this case, we are using large files, but are
under the maximum allowed for the particular model.

Proxy firewalls and large files in general: Viruses are usually small,
but when embedded in large files, can be passed through without
detection. If this is not a big deal, why are companies like Fortinet,
Juniper, WatchGuard, etc. pushing stream-based AV/IPS/AS type
technology? Fortinet claims the fastest firewall in the world based on
SPI. Yet when Proxy AV is turned on, performance takes a nose-dive. So
they push 'FlowAV'. But from a marketing stance, still not noteworthy.

So, given that the Internet is getting faster and larger amounts of
data are being sent, I am suggesting proxy technology has hit a wall
and is opening a major security hole. Yes, there are security holes
everywhere, but this will open a really nasty one.

Again, thanks for all the responses!
