Re: SANS Top Ten and Commercial Firewalls

[Kevin Steves <stevesk () pobox com>]

On Wed, Oct 02, 2002 at 08:59:39PM +0000, manatworkyes moderator wrote:
> For example :
>
> W1,W2 are controlled with their Smart Defense.  U2 , including the Slapper 
> worm, can also be mitigated if you only allow SSLv3 based traffic to your 
> servers. (requires some INSPECT work over tcp/443)
>
> You skipped W4 which can be controlled using CIFS rules. In this way, only 
> authenticated users can access defined network shares (so here goes W5 as 
> well)
>
> They have code to check the bind vul. as well etc.
> In my opinion, as a SECURITY device they are the best (Still, they can do 
> more.
>
> For the client side, it is possible to use the personal firewall and SCV 
> checks. This verifies pre-defined rules that if not matched, the user will 
> not be able to get into the VPN. A check can be to look for specific 
> registry settings, or  specific IE settings etc.
>
> So, to make this short (unlike you I'm lazy:-) In my opinion they cover 
> about everything.

The question is how many were covered "before" they were known
vulnerabilities?  That is the holy grail for the IDS crowd.  And if
your inbound policy would permit an attack, why wait for the firewall
vendor to add a signature instead of patching or blocking access?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards