Firewall Wizards mailing list archives
Re: netwolves
From: "Patrick M. Hausen" <hausen () punkt de>
Date: Fri, 21 Dec 2001 09:18:05 +0100 (CET)
Hi all! David Lang wrote:

> as I understand it the CVP is an 'Industry Standard' that only checkpoint firewalls use.

Almost correct ;-) CVP version 1.0 is standardized and available from multiple vendors to a certain extent. The Gauntlet firewall, for example, uses it. Unfortunately the protocol spec for CVP 1.0 is broken by design - hard-coded limit of the number of concurrent sessions from firewall to scanner, just to name one. It's pretty usable for email, though, where scanning can easily be serialized. We use it with Gauntlet and F-Secure content scanner.

This led to the development of CVP 2.0 - although Checkpoint claims it was an open standard, I wasn't able to find sufficient documentation on it. All scanning engine vendors I know of only support Checkpoint firewalls as clients and AFAIK Checkpoint is the only firewall vendor to ship CVP 2.0. Not that they got it right this time. IIRC the number of concurrent scanning sessions was simply bumped from 5 (!) in 1.0 to 254 in 2.0.

I seriously doubt if the concept of content inspection for HTTP or FTP does make sense at all. A sufficiently up-to-date desktop antivirus product should take care of downloads. Given the current protocols (HTTP/FTP), withholding the downloaded content from the application for an indeterminable amount of time until it is scanned and no virus found is bound to cause timeouts and abort the download altogether. And if you believe things like "data trickling" (sp?) will fix this, go search through Checkpoint mailing lists for a while ;-))

You might consider blocking certain mime types and/or file extensions completely for "ordinary users". Of course this can be circumvented intentionally. As can any content inspection by simply using SSL.

Regards,
Patrick M. Hausen
Technical Director

--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Scheffelstr. 17 a Tel. 0721 9109 -0 Fax: -100
76135 Karlsruhe http://punkt.de
Current thread:
- netwolves Shailes Nanda (Dec 19)
- Re: netwolves David Lang (Dec 20)
- Re: netwolves Patrick M. Hausen (Dec 22)
- Re: netwolves David Lang (Dec 20)