Penetration Testing mailing list archives
Re: firewall question
From: dr.kaos <dr.kaos () kaos to>
Date: Fri, 15 Feb 2002 11:15:28 -0500
On Friday 15 February 2002 10:45 am, Ralph Los wrote:
All, I am currently in the process of testing CyberGuard's firewall(s), which claim to be packetfilter + proxy based. I am looking for someone outside my lab (external) to partner with in conducting strenuous testing, with some extensive 'packet crafting' attacks, etc. Cheers! Response is appreciated...
Be happy to help if I can put my hands on a CyberGuard box, however, I must say that I'm a bit skeptical of any product that tries to bridge the functionality gap of a proxy and stateful filter. Granted, i've never implemented a CyberGuard box, but the benefits of each firewalling methodology are so distinctly different, and are likely better offered by a heterogeneous combination of multiple firewalls than by a box that tries to "do it all." That certainly isn't to say that someone couldn't prove me wrong, but I suspect that CyberGuard's "SmartProxies" are very similar in design to CheckPoint's "Security Servers" -- poorly designed content filtering mechanisms designed to overcome the basic limitations of filtering traffic without validating application layer content. I hope I offend no one in saying so (I don't suspect that I will, though, as numerous CheckPoint employess have shared with me their similar views on their own Security Servers), but I really don't think these stateful firewall vendors should be trying to put proxies on their boxes. IMHO: let the stateful firewall do one thing very well, and leave the proxying to a vendor with the expertise in writing proxies. ./dr.kaos ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- firewall question leon (Feb 14)
- Re: firewall question Rzac` (Feb 14)
- Re: firewall question Michael Starr (Feb 14)
- Re: firewall question John Adams (Feb 14)
- Re: firewall question dr . kaos (Feb 14)
- RE: firewall question Panos Dimitriou (Feb 15)
- <Possible follow-ups>
- Re: firewall question Dario N. Ciccarone (Feb 14)
- RE: firewall question Matt Peterson (Feb 15)
- Re: firewall question dr . kaos (Feb 15)