Firewall Wizards mailing list archives

Am I dreaming or is there a way to enforce different security Zones at an application layer?


From: David Mackie <DMackie () ces com au>
Date: Thu, 4 Jan 2001 12:20:55 +1100

I suspect that this would be VERY Hard.

I have been asked to find a way to do the following...

Intercept an FTP, HTTP stream, file copy or even Notes Database replication,
do some fancy rules-based scanning and send on the traffic.

I have thought about using CVP on FW-1 and a modified virus definition file
to strip out the unwanted content.
This would not help with copying files to a UNC Share and would possibly
have problems with Notes databases.

The other problem that we would have is some destinations could be allowed
to get things that are Secret but not REALLY Secret.
Worse we will share most of our secrets but not ones which are secrets of
just me and my mate.

I would want to log everything not just attempts to send to invalid
destinations.

Would I do this by having a Custom Proxy grab the files, put them in a
gateway directory where we run our tests and then move it to a Mail Slot for
delivery if clean/valid?

Can you trick HTTP/FTP to respond normally so that the user does not know it
is really store and forward?

Is this a dream or can someone code this?

Regards
David

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
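
The release decision for files held in the gateway directory can be sketched as a label comparison that logs every outcome. This is an added example, not part of the original message; the level names, compartment name, hostnames and file names are constructed, and it assumes the scanning step has already assigned each staged file a label.

```python
import json
from dataclasses import dataclass

# Assumed ordering of sensitivity levels (names are illustrative).
LEVELS = {"public": 0, "secret": 1, "really-secret": 2}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # need-to-know groups

def dominates(clearance: Label, label: Label) -> bool:
    """True if a destination with `clearance` may receive content carrying `label`."""
    return (LEVELS[clearance.level] >= LEVELS[label.level]
            and label.compartments <= clearance.compartments)

def decide(queue, clearances, audit):
    """Check every staged file; log every decision, not only the refusals."""
    released = []
    for item in queue:
        clearance = clearances.get(item["dest"])  # unknown destination -> hold
        ok = clearance is not None and dominates(clearance, item["label"])
        audit.append(json.dumps({
            "file": item["name"], "dest": item["dest"],
            "level": item["label"].level,
            "compartments": sorted(item["label"].compartments),
            "action": "release" if ok else "hold"}))
        if ok:
            released.append(item["name"])
    return released

# Constructed sample data: two destinations and five staged transfers.
MATE = frozenset({"me-and-mate"})
CLEARANCES = {
    "partner.example": Label("secret"),
    "mate.example": Label("really-secret", MATE),
}
QUEUE = [
    {"name": "pricing.doc", "dest": "partner.example", "label": Label("secret")},
    {"name": "merger.doc", "dest": "partner.example", "label": Label("really-secret")},
    {"name": "plan.nsf", "dest": "mate.example", "label": Label("secret", MATE)},
    {"name": "plan.nsf", "dest": "partner.example", "label": Label("secret", MATE)},
    {"name": "memo.txt", "dest": "unknown.example", "label": Label("public")},
]

def run_sample():
    audit = []
    return decide(QUEUE, CLEARANCES, audit), audit

if __name__ == "__main__":
    print(*run_sample()[1], sep="\n")
```
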

