Firewall Wizards mailing list archives
Re: Secure Computing Sidewinder?
From: ArkanoiD <ark () eltex net>
Date: Tue, 10 Jun 2008 09:36:52 -0600
No, being "application layer proxy" means there is no such thing as a packet for the inspection engine. It means the firewall terminates tcp session by itself and starts new one on the behalf of client. So it does not matter how data is distributed among packets. And it is still useful even if you do not have up to date signature database of "known bad things". With Sidewinder, you do, however. On Sun, Jun 08, 2008 at 11:23:49AM +0100, Paul Hutchings wrote:
I know both ISA and Sidewinder are "Application Layer" firewalls and act as proxies etc. but I'm struggling to get my head around why one might be "better" than the other, I guess I'm a little unclear on exactly what "Application Layer" means tbh despite reading various definitions? My understanding with the Sidewinder is that the proxies receive each packet, tear it apart, inspects it, and then depending on the protocol it drops/discards anything that is dangerous, and in the case of safe content rewrites the packet and makes the connection itself it so that the source machine never connects directly to the destination, rather the connection always terminates at the Sidewinder, which makes the connection on its behalf? I'm also struggling to understand how useful an application layer firewall is when it seemingly is never updated i.e. Microsoft ISA server? Our requirements are pretty simple I would imagine: We want to let traffic out, with the source being restricted by IP address or Active Directory user. Mostly standard protocols such as dns/smtp/http/https/ftp where we would expect all traffic to conform to the protocol. In some instances we'll need to open port X to destination Y and would want to simply allow traffic to pass and wouldn't expect a firewall to know what the traffic is as it will be something unique to an application that we're using. We want to allow smtp in, as well as a few specific internal websites such as Outlook Web Access etc. which use HTTPS. I'd appreciate any input on the specifics of how the two products differ and how one might be considered "better" than the other both in terms of bottom line security, and our requirements. cheers, Paul _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Secure Computing Sidewinder? Paul Hutchings (Jun 10)
- Re: Secure Computing Sidewinder? ArkanoiD (Jun 10)
- Re: Secure Computing Sidewinder? K K (Jun 10)
- Re: Secure Computing Sidewinder? Paul Hutchings (Jun 11)
- Re: Secure Computing Sidewinder? Paul D. Robertson (Jun 11)
- Re: Secure Computing Sidewinder? Paul Hutchings (Jun 12)
- Re: Secure Computing Sidewinder? lordchariot (Jun 13)
- Re: Secure Computing Sidewinder? Paul Hutchings (Jun 11)
- Re: Secure Computing Sidewinder? Keith A. Glass (Jun 11)
- Re: Secure Computing Sidewinder? Paul D. Robertson (Jun 11)
- Re: Secure Computing Sidewinder? K K (Jun 11)