Educause Security Discussion mailing list archives
Re: Ports/applications permitted for Guest Access
From: Dave Koontz <dkoontz () MBC EDU>
Date: Sun, 11 Sep 2011 13:11:29 -0400
As you've discovered, port based firewalls are no longer adequate in today's world. Any application can disguise itself as web traffic (http or https), and many "bad" things do. You need a firewall that can understand applications regardless of ports used. Take a look at Palo Alto networks solutions or any other next generation firewalls. I really believe Palo Alto has a huge lead currently in this market. I am sure that Cisco, Foundry, Juniper and others will catch up in a couple of years, but for now Palo Alto has a clear lead. Take a look at the last Gartner's Firewall report to see what I mean. -- Dave Koontz Mary Baldwin College Staunton, Virginia On 9/11/2011 10:39 AM, Robert Lau wrote:
Is anybody doing protocol/application inspection? Once ports 80/443/22/etc are allowed, an app can pump any data through; it does not have to be http/https/ssh/etc. In olden days, this would probably only be done by a clueful user, but many applications do this automatically now specifically to handle port restrictions. -robert
Current thread:
- Ports/applications permitted for Guest Access Roger A Safian (Sep 09)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 09)
- Re: Ports/applications permitted for Guest Access Derek Diget (Sep 09)
- Re: Ports/applications permitted for Guest Access Rowe, Ken (Sep 09)
- Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
- Re: Ports/applications permitted for Guest Access Dave Koontz (Sep 11)
- Re: Ports/applications permitted for Guest Access Shannon Roddy (Sep 11)
- Re: Ports/applications permitted for Guest Access Valdis Kletnieks (Sep 11)
- Re: Ports/applications permitted for Guest Access David Gillett (Sep 12)
- Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
- Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 16)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 09)
- Re: Ports/applications permitted for Guest Access (deep packet inspection) Barron Hulver (Sep 11)
- Re: Ports/applications permitted for Guest Access Matthew Gracie (Sep 19)
- Re: Ports/applications permitted for Guest Access Ed Zawacki (Sep 20)
- Re: Ports/applications permitted for Guest Access Roger A Safian (Sep 20)