Full Disclosure mailing list archives

RE: Sidewinder G2


From: "Paul Niranjan" <niranjan () tasintegrators com>
Date: Tue, 18 Nov 2003 12:59:12 +0530

Comments please


Secure Computing Sidewinder G2 Firewall Stops New High-Profile Sendmail
Attack 
Secure's Sidewinder G2 Firewall with Patented Type Enforcement
Technology Prevents Sendmail Attack Warned About in CERT Advisory
CA-2003-07 - No Emergency Security Patches Required 

SAN JOSE, Calif., March 10, 2003 - Secure Computing Corporation (Nasdaq:
SCUR), the experts in protecting the most important networks in the
world, today announced that the SidewinderR G2 FirewallT and VPN gateway
continues to prove itself to be the world's strongest firewall in the
face of another high profile attack directed at a basic component of the
Internet's infrastructure. The software vulnerability, along with the
related attack, worst case outcome, and recommend response was reported
by the Computer Emergency Response Team (CERT) at Carnegie Mellon
University in CERT advisory CA-2003-07. The attack targets
vulnerabilities in e-mail transfer servers, called Sendmail servers.
Sendmail is the cornerstone application on the Internet used for moving
billions of e-mail messages daily. More than half of the large ISPs and
Fortune 500 companies use Sendmail, as well as Governments around the
world. 

The Sidewinder G2 Firewall, protected by Secure Computing's patented
Type Enforcement® technology, is fully capable of defending itself
against this attack without incident and will continue passing only
legitimate mail messages on to internal mail servers. Furthermore, if a
mail message containing this attack is processed on the Sidewinder G2
Firewall for mail-forwarding services, the malicious 'attack code'
embedded in the message is automatically manipulated, rendering the
attack benign before the Sidewinder G2 Firewall delivers it to any
internal Sendmail servers. Weaker stateful inspection firewalls that
often claim speed as their number one value proposition will pass the
malicious code in question directly through to internal mail servers. 

"Secure Computing's Sidewinder G2 Firewall offers a defense against
Sendmail attacks because it contains an embedded SecureOS™ operating
system, application proxy architecture, and its own secure Sendmail
server," said Charles Kolodgy, research director, Security Products at
IDC. "Even more significant is Sidewinder's potential to defend against
possible Sendmail attacks without any patches." 

This high profile attack is very dangerous as it can be used to take
complete root control of Sendmail servers, thus giving the attacker a
strong foothold on internal networks from anywhere across the Internet.
Since the attack is message-oriented (application layer) as opposed to
connection-oriented (packet layer), only Layer 7 application firewalls
like the Sidewinder G2 Firewall can stop the attack at the perimeter. In
addition, Sidewinder's natively embedded intrusion detection, real-time
forensics, and automated alerting system called Strikeback® would
trigger multiple security alarms in the case of this remote buffer
overflow Sendmail attack. 

"Most organizations that run traditional stateful inspection firewalls,
and companies that manufacture them, are looking at very serious
security risks and reactive preventive steps to remove those risks,"
said Mike Gallagher, vice president and general manager of the network
security division at Secure Computing. "Sidewinder G2 customers,
however, have no panic situation occurring because they know that
Sidewinder's hybrid architecture renders this attack useless against
both the hosted Sendmail services on Sidewinder G2 and any targeted
Sendmail services behind the firewall." 

A typical countermeasure to this class of attack for organizations that
don't have hybrid, high-security firewalls like the Sidewinder G2
Firewall is to apply and test emergency security patches on all
vulnerable Sendmail servers. This react-and-patch cycle is very costly
and disruptive. Secure's firewall customers have been sent a reassuring
letter notifying them about the details of this vulnerability and
reiterating that there is no need for emergency security patches. Secure
refers to its patented high-security firewall design as multi-layered
defense-in-depth security because it protects against both known and
unknown vulnerabilities. 

About Secure Computing
Secure Computing (Nasdaq: SCUR) has been protecting the most important
networks in the world for over 20 years. With broad expertise in
security technology, we develop network security products that help our
customers create a trusted environment both inside and outside of their
organizations. Our global customers and partners include the majority of
the Dow Jones Global 50 Titans and the most prominent organizations in
banking, financial services, healthcare, telecommunications,
manufacturing, public utilities, and federal and local governments. The
company is headquartered in San Jose, Calif., and has sales offices
worldwide. For more information, see http://www.securecomputing.com. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michael
Gale
Sent: 18 November 2003 04:14
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Sidewinder G2


Hello,

        I agree, a firewall should not be running any non-needed
services; that is why you have a DMZ or SSN, to place your mail, DNS and
other servers that require Internet access.

I believe two of the most secure firewalls are Cisco Pix and the
BorderWare Firewall. Cisco does not offer any services and Borderware
offers a few for small business and are very restrictive.

I suggest you get your money back -- I would rather take a linux box
with lids (Linux Intrusion Detection System [ www.lids.org ]) than the
Sidewinder.

Michael.

On Mon, 17 Nov 2003 15:40:01 -0500
Shawn McMahon <smcmahon () eiv com> wrote:

Daniel Sichel wrote:
"Host the DNS and sendmail servers directly on your firewall. The 
operating system should be better protected against a wide range of
exploits."


Implementing two of the most common targets of exploit sort of 
eliminates the usefulness of that "better" protection.  Return their 
product and get your money back.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html