Firewall Wizards mailing list archives
RE: Application Proxy/L7 Firewall Recommendation?
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Mon, 9 Sep 2002 10:58:04 -0500
-----Original Message----- From: Paul D. Robertson [mailto:proberts () patriot net] Sent: Monday, September 09, 2002 08:53 To: ark () eltex ru Cc: Wesley_Noonan () bmc com; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] Application Proxy/L7 Firewall Recommendation? On Mon, 9 Sep 2002 ark () eltex ru wrote:Microsoft ISA Server <gasp, he didn't really mention a non-*nix based product, much less a Microsoft product did he> :-) Actually, you really can use Microsoft ISA Server for this in various configurations.As well as any other firewall system. No ISA advantages here.Actually, the client coupling may be considered an advantage in some cases. Depending on your desktop environment, it may be a significant advantage- such as if you've permissioned desktop users away from installing and renaming software.Blocking Instant Messenger and other apps - article assumes that youarerunning the ISA client software: http://www.isaserver.org/pages/article.asp?id=215There are 2 techniques described here: blocking by windows executable name - trivial and trivial to bypassAFAIK, ISA is the only non-"PC firewall" product that does this. It doesn't matter that it's trivial to bypass in some instances... For instance, it may be very useful for policy enforcement- anyone who "doesn't know" the policy will create a denied log entry and can be suitably chastised by the policy police who come a waving their CISSP badges. Anyone who purposefully renames executables is definitely on the list of "knowingly violoating the policy" and can get scheduled for their HR appointment or outprocessing briefing.
Something else that starts to fall outside of a strict "firewall" discussion, but is probably relevant to this particular discussion is the use of group policy in conjunction with the firewall client to permit/deny access. Good points by all though. Good discussion. Thanks. Wes Noonan, MCSE/CCNA/CCDA/NNCSS Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonan () bmc com http://www.bmc.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application Proxy/L7 Firewall Recommendation?, (continued)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Adam Shostack (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Balazs Scheidler (Sep 06)
- Re: Application Proxy/L7 Firewall Recommendation? Carson Gaspar (Sep 05)
- RE: Application Proxy/L7 Firewall Recommendation? Paul D. Robertson (Sep 09)
- Re: Application Proxy/L7 Firewall Recommendation? ark (Sep 09)