Firewall Wizards mailing list archives
RE: SANS Top Ten and Commercial Firewalls
From: "manatworkyes moderator" <devekboy () hotmail com>
Date: Wed, 02 Oct 2002 20:59:39 +0000
A firewall is only ONE tool in the chain of products that should be used in order to mitigate vulnerabilities.
Personally, I am a Check Point fan. I admit and take full responsibility :-) Their product line is far more than a firewall. Thus, mitigation of the problems can be achieved using their different tools, all of which are centrally managed.
For example: W1, W2 are controlled with their Smart Defense. U2, including the Slapper worm, can also be mitigated if you only allow SSLv3-based traffic to your servers (requires some INSPECT work over tcp/443).
You skipped W4, which can be controlled using CIFS rules. In this way, only authenticated users can access defined network shares (so here goes W5 as well).
They have code to check the bind vul. as well, etc. In my opinion, as a SECURITY device they are the best (still, they can do more).
For the client side, it is possible to use the personal firewall and SCV checks. This verifies pre-defined rules; if they are not matched, the user will not be able to get into the VPN. A check can be to look for specific registry settings, or specific IE settings, etc.
So, to make this short (unlike you, I'm lazy :-) in my opinion they cover about everything.
--D

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Gary Flynn
Sent: Wednesday, October 02, 2002 7:28 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] SANS Top Ten and Commercial Firewalls

Being efficient (as opposed to being lazy :) I thought I'd pose a question here to a body of folks familiar with the firewall marketplace rather than scour individual commercial web sites where details are often rare.

Of the SANS "Twenty Most Critical Internet Security Vulnerabilities" ( http://www.sans.org/top20 ) how many are addressed by the majority of commercial firewalls without resorting to blocking the associated port and service entirely? In other words, how many of them can detect and block things like:

W1. IIS malicious requests for cmd.exe and sample files and buffer overflows.
W2. Requests for MDAC access
W3. Malicious SQL Server requests based on patched defects or sa access without a password.
W5. Null netbios access (as opposed to all netbios access)
W6. Netbios sessions based on LM Hash.
W7. Netbios sessions to accounts with no passwords.
W8. Malicious HTTP responses exploiting IE defects.
W9. Remote Registry Access
U1. Malicious RPC calls
U2. Malicious HTTP calls to Apache web servers exploiting the OpenSSL or Apache chunk handling defects.
U3. Malicious SSH requests exploiting SSH defects.
U4. Malicious SNMP requests or requests with the community name blank or equal to "public".
U5. Malicious requests to FTP servers exploiting wu-ftp defects.
U7. Malicious requests to the line printer daemon.
U8. Malicious requests to sendmail.
U9. Malicious requests to bind.

I know there will be variances and subsets but I was hoping to get some kind of general feeling for the overall coverage. If you know of a better place to pose the question, please let me know.

thanks,
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
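The "SSLv3 only on tcp/443" mitigation the reply suggests comes down to one decision on the first bytes a client sends. The following is an added Python illustration of that policy decision, not the thread's or Check Point's INSPECT code: it classifies the initial record by format and drops SSLv2-format hellos. All byte strings are constructed samples.

```python
"""Classify the first bytes a client sends on tcp/443 and decide whether an
SSLv3-only policy (as suggested in the thread) would let the connection through.

Added example, not INSPECT code from Check Point and not from the original post.
It models only the policy decision; the sample handshakes below are constructed.
"""

SSL2_CLIENT_HELLO = 0x01   # SSLv2 message type CLIENT-HELLO
TLS_HANDSHAKE = 0x16       # SSLv3/TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01    # SSLv3/TLS handshake message type ClientHello


def classify_client_hello(data: bytes) -> str:
    """Return 'sslv2', 'sslv3', 'tls1.x' or 'unknown' for the first client bytes."""
    if len(data) < 6:
        return "unknown"
    # SSLv2 record: 2-byte header with the high bit set, then the message type.
    if data[0] & 0x80 and data[2] == SSL2_CLIENT_HELLO:
        return "sslv2"
    # SSLv3/TLS record: type, major.minor version, 2-byte length, handshake type.
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[5] == TLS_CLIENT_HELLO:
        return "sslv3" if data[2] == 0x00 else "tls1.x"
    return "unknown"


def policy_allows(data: bytes) -> bool:
    """SSLv3-only policy: pass SSLv3/TLS record-layer handshakes, drop SSLv2-format
    hellos and anything on the port that is not a recognizable handshake."""
    return classify_client_hello(data) in ("sslv3", "tls1.x")


# Constructed sample handshakes, truncated after the fields the classifier reads.
SSLV2_HELLO = bytes([0x80, 0x2E, 0x01, 0x00, 0x02, 0x00, 0x15])  # SSLv2 CLIENT-HELLO
SSLV3_HELLO = bytes([0x16, 0x03, 0x00, 0x00, 0x41, 0x01, 0x00])  # SSLv3 ClientHello
TLS10_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x41, 0x01, 0x00])  # TLS 1.0 ClientHello
HTTP_PLAIN = b"GET / HTTP/1.0\r\n"                                # cleartext on 443

if __name__ == "__main__":
    for name, hello in [("sslv2", SSLV2_HELLO), ("sslv3", SSLV3_HELLO),
                        ("tls1.0", TLS10_HELLO), ("http", HTTP_PLAIN)]:
        verdict = "allow" if policy_allows(hello) else "drop"
        print(f"{name:7s} -> {classify_client_hello(hello):8s} {verdict}")
```

Note the interoperability cost: clients that send an SSLv2-format hello while advertising a 3.x version are dropped by this policy as well, which is exactly the trade-off behind "only allow SSLv3".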