Monday, July 09, 2007

firewall-wizards Digest, Vol 15, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Recommended Open Source Proxy Firewalls (Jon Sabo)
2. Re: Recommended Open Source Proxy Firewalls (Dave Piscitello)
3. Re: Fwd: Recommended Open Source Proxy Firewalls (Mathew Brown)
4. Re: Recommended Open Source Proxy Firewalls (Paul Melson)
5. Re: Recommended Open Source Proxy Firewalls (Farrukh Haroon)


----------------------------------------------------------------------

Message: 1
Date: Mon, 9 Jul 2007 15:57:53 -0400
From: "Jon Sabo" <jonathan.sabo@gmail.com>
Subject: Re: [fw-wiz] Recommended Open Source Proxy Firewalls
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<fa2952810707091257g17af27b1h7e6e1794241d8ea5@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Here's one I looked at awhile ago.... open source but maybe not free:

http://www.balabit.com/products/zorp/

The Symantec Raptor firewall which became the Symantec Gateway Security blah
blah is going away. I think they are getting out of the firewall biz.

With love,

Jonathan

On 7/9/07, Gumennik, Mark J. <mgumennik@mitre.org> wrote:
>
> This article is 2000 years old, but still true
> I don't know any open source ones, but did work with 2 good commercial
> ones:
> - Sidewinder by Secure Computing
> - Raptor, now by Symantec
>
> Mark G
>
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.cybertrust.com
> [mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
> Mathew Brown
> Sent: Sunday, July 08, 2007 12:34 PM
> To: firewall-wizards@listserv.cybertrust.com
> Subject: [fw-wiz] Recommended Open Source Proxy Firewalls
>
> Hi,
> I just finished reading Marcus Ranum's very interesting paper -
>
> http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html
> - comparing "deep packet inspection firewalls" with "proxy firewalls"
> and was interested in investigating open source "proxy firewalls". Do
> open source proxy firewalls even exist, and if so, which would you
> recommend and why? Thank you for your help.
> --
> Mathew Brown
> mathewbrown@fastmail.fm
>
> --
> http://www.fastmail.fm - A no graphics, no pop-ups email service
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>


------------------------------

Message: 2
Date: Mon, 09 Jul 2007 16:03:48 -0400
From: Dave Piscitello <dave@corecom.com>
Subject: Re: [fw-wiz] Recommended Open Source Proxy Firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <469294A4.60507@corecom.com>
Content-Type: text/plain; charset="iso-8859-1"

Patrick M. Hausen wrote:

> And as much as I prefer Sidewinder over every competing product
> I've seen so far: it still does much too little! I'd love to
> have an HTTP proxy that takes a set of regular expressions to
> match against URLs that are permitted to be fetched from a
> protected web server and denies everything else.

I believe you can do this with the HTTP proxy on a WatchGuard firewall.
I've done similar regexp on URLs to complement the IPS and antispyware
on the box so I can do zero-day attack blocking as soon as I know enough
about the malicious file to define an expression.
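
The default-deny URL allowlist asked for in the quoted text above, sketched as an added example; it is not part of the original message and is not the configuration of any product named in this thread. The rules, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed allowlist for a hypothetical protected web server:
# (path pattern, query pattern or None when no query string is permitted).
RULES = [
    (r"/", None),
    (r"/index\.html", None),
    (r"/static/[A-Za-z0-9_-]+\.(?:css|js|png)", None),
    (r"/catalog/item/[0-9]{1,8}", r"lang=(?:en|de)"),
]
COMPILED = [(re.compile(p), re.compile(q) if q else None) for p, q in RULES]
ALLOWED_METHODS = {"GET", "HEAD"}


def canonical_path(raw_path):
    """Percent-decode once; return None for anything that still looks ambiguous."""
    path = unquote(raw_path)
    if not path.startswith("/") or "//" in path:
        return None
    if any(ch in path for ch in "%\\\x00"):      # double encoding, backslash, NUL
        return None
    if any(seg in (".", "..") for seg in path.split("/")):
        return None
    return path


def permit(method, target):
    """Default deny: True only if the whole request matches one allowlist rule."""
    if method not in ALLOWED_METHODS:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc or parts.fragment:
        return False                             # origin-form targets only
    path = canonical_path(parts.path)
    if path is None:
        return False
    for path_re, query_re in COMPILED:
        # fullmatch anchors both ends, so "/admin/index.html" cannot ride on a substring hit
        if path_re.fullmatch(path):
            if parts.query == "":
                return True
            return bool(query_re and query_re.fullmatch(parts.query))
    return False
```

The filter decides on the decoded path, so an encoded form of a denied path is denied too, and anything that matches no rule is refused.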



------------------------------

Message: 3
Date: Mon, 09 Jul 2007 13:13:01 -0700
From: "Mathew Brown" <mathewbrown@fastmail.fm>
Subject: Re: [fw-wiz] Fwd: Recommended Open Source Proxy Firewalls
To: "Jon Sabo" <jonathan.sabo@gmail.com>
Cc: firewall-wizards@listserv.cybertrust.com
Message-ID: <1184011981.1245.1199278975@webmail.messagingengine.com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks Jon (and Patrick and Mark). I just ran into Zorp earlier today
but was still looking into who was actually using it and how good an
implementation of a proxy firewall it is. Any ideas? Thanks.

Jon Sabo wrote:
>
>
> ---------- Forwarded message ----------
> From: Jon Sabo <jonathan.sabo@gmail.com>
> Date: Jul 9, 2007 3:57 PM
> Subject: Re: [fw-wiz] Recommended Open Source Proxy Firewalls
> To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
> Cc: Firewall Wizards Security Mailing List <firewall-wizards@listserv.cybertrust.com>
>
> Here's one I looked at awhile ago.... open source but maybe not free:
>
> http://www.balabit.com/products/zorp/
>
> The Symantec Raptor firewall which became the Symantec Gateway Security blah blah is going away. I think they are getting out of the firewall biz.
>
> With love,
>
> Jonathan
>
>
> On 7/9/07, Gumennik, Mark J. <mgumennik@mitre.org> wrote:
>
> This article is 2000 years old, but still true
> I don't know any open source ones, but did work with 2 good commercial
> ones:
> - Sidewinder by Secure Computing
> - Raptor, now by Symantec
>
> Mark G
>
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.cybertrust.com
> [mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
> Mathew Brown
> Sent: Sunday, July 08, 2007 12:34 PM
> To: firewall-wizards@listserv.cybertrust.com
> Subject: [fw-wiz] Recommended Open Source Proxy Firewalls
>
> Hi,
> I just finished reading Marcus Ranum's very interesting paper -
>
> http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html
> - comparing "deep packet inspection firewalls" with "proxy firewalls"
> and was interested in investigating open source "proxy firewalls". Do
> open source proxy firewalls even exist, and if so, which would you
> recommend and why? Thank you for your help.
> --
> Mathew Brown
> mathewbrown@fastmail.fm
>
> --
> http://www.fastmail.fm - A no graphics, no pop-ups email service
>
>
--
Mathew Brown
mathewbrown@fastmail.fm

--

http://www.fastmail.fm - Choose from over 50 domains or use your own

------------------------------

Message: 4
Date: Mon, 9 Jul 2007 16:18:47 -0400
From: "Paul Melson" <pmelson@gmail.com>
Subject: Re: [fw-wiz] Recommended Open Source Proxy Firewalls
To: "'Firewall Wizards Security Mailing List'"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <009d01c7c266$5b6c37a0$4d00300a@ad.priorityhealth.com>
Content-Type: text/plain; charset="us-ascii"

> I just finished reading Marcus Ranum's very interesting paper -
>
> http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html
> - comparing "deep packet inspection firewalls" with "proxy firewalls"
> and was interested in investigating open source "proxy firewalls". Do
> open source proxy firewalls even exist, and if so, which would you
> recommend and why? Thank you for your help.

http://www.faqs.org/docs/Linux-mini/TransparentProxy.html

This HOWTO is a great place to start. Even though it is exclusive to Squid,
you can apply the same principles to other proxies including a SOCKS proxy
to handle generic services. Of course, unlike the commercial proxy
firewalls like Raptor and Sidewinder, you will have to build your own rules
and define what behaviors are allowed or prohibited for each proxy. The up
side is that you have a lot more flexibility to control or even replace
proxies with the Linux-based solution.

Before I recommended an actual distro, project, or product, I would
recommend that you build one of your own either in a lab or at home so that
you understand how they work, what they're good at, what they suck at, etc.
Then take those lessons back to work and determine where and how using
proxies is a good fit for your organization. Truth is, Marcus makes a
compelling argument about why proxies are generally superior for security,
but that doesn't mean that the gains will outweigh the effort for you and
your organization.

PaulM

------------------------------

Message: 5
Date: Tue, 10 Jul 2007 00:10:44 +0300
From: "Farrukh Haroon" <farrukhharoon@gmail.com>
Subject: Re: [fw-wiz] Recommended Open Source Proxy Firewalls
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<eff3217d0707091410t311bcd96q170f675dd115ef4d@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

AFAIK you can also do this HTTP regex bit on the Cisco ASA.

HTH

Farrukh


On 7/9/07, Jon Sabo <jonathan.sabo@gmail.com> wrote:
>
> Here's one I looked at awhile ago.... open source but maybe not free:
>
> http://www.balabit.com/products/zorp/
>
> The Symantec Raptor firewall which became the Symantec Gateway Security
> blah blah is going away. I think they are getting out of the firewall biz.
>
> With love,
>
> Jonathan
>
> On 7/9/07, Gumennik, Mark J. <mgumennik@mitre.org> wrote:
> >
> > This article is 2000 years old, but still true
> > I don't know any open source ones, but did work with 2 good commercial
> > ones:
> > - Sidewinder by Secure Computing
> > - Raptor, now by Symantec
> >
> > Mark G
> >
> > -----Original Message-----
> > From: firewall-wizards-bounces@listserv.cybertrust.com
> > [mailto:firewall-wizards-bounces@listserv.cybertrust.com ] On Behalf Of
> > Mathew Brown
> > Sent: Sunday, July 08, 2007 12:34 PM
> > To: firewall-wizards@listserv.cybertrust.com
> > Subject: [fw-wiz] Recommended Open Source Proxy Firewalls
> >
> > Hi,
> > I just finished reading Marcus Ranum's very interesting paper -
> >
> > http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html
> > - comparing "deep packet inspection firewalls" with "proxy firewalls"
> > and was interested in investigating open source "proxy firewalls". Do
> > open source proxy firewalls even exist, and if so, which would you
> > recommend and why? Thank you for your help.
> > --
> > Mathew Brown
> > mathewbrown@fastmail.fm
> >
> > --
> > http://www.fastmail.fm - A no graphics, no pop-ups email service
> >
>


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 15, Issue 2
***********************************************
