Search This Blog

Wednesday, April 29, 2009

firewall-wizards Digest, Vol 36, Issue 39

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. State of security technology for the enterprise (Chris Hughes)
2. Re: Who stay focused? (was: [Fwd: Question]) (Brian Loe)
3. Re: State of security technology for the enterprise (ArkanoiD)
4. Re: State of security technology for the enterprise (miedaner)


----------------------------------------------------------------------

Message: 1
Date: Wed, 29 Apr 2009 09:30:47 -0400
From: "Chris Hughes" <chughes@l8c.com>
Subject: [fw-wiz] State of security technology for the enterprise
To: <firewall-wizards@listserv.icsalabs.com>
Message-ID: <9CC9F9AEA25A4BF99D84C96705834679@Acer>
Content-Type: text/plain; charset="us-ascii"

Hello all.

I am currently developing a strategy for evolving the security for my
enterprise network. Currently I protect the core network (servers and
services) and internet with inline sensors, use HIDS on all client machines
(which performs event correlation with the inline sensors) content
filtering, use of AV on all hosts, SSL and IPSec VPN and spamfiltering on
the edge.

In reviewing the latest offerings I see that there are new and potentially
immature technologies that may be the direction I need to look. These
include:

DPI (deep packet inspection) firewalls

Content filtering on the firewall

SSL proxying with decryption for filtering abuse and data leak

DLP - related to ssl filtering but with the addition of protecting data at
rest from leaving the network.

VMWARE/Hypervisor sensors to protect my virtual infrastructure

The vendors offerings I am reviewing include:

Cisco

ISS

Juniper

Fortinet

Palo Alto

If I omitted serious contenders from my list please bring them to my
attention. I also have a feature matrix I am willing to share if anyone is
interested.

Cisco has point product solutions for the most part but Juniper, Palo Alto
and Fortinet are combining some of the new abilities into a single
appliance.

I am looking for conversation on the newer technologies as well as thoughts
of combining them on a single albeit clustered/HA appliance versus separate
solutions for each function. Another thing I wrestle with is single vendor
solutions versus hybrid solution that offers some dioversity and a system of
checks and balances.

Of particular interest is DPI. From what I read this will be a major
advance that really grants security admins control at the firewall that they
never had before.

Please share your thoughts.

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20090429/caaef3b0/attachment-0001.html>

------------------------------

Message: 2
Date: Wed, 29 Apr 2009 09:45:32 -0500
From: Brian Loe <knobdy@gmail.com>
Subject: Re: [fw-wiz] Who stay focused? (was: [Fwd: Question])
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<3c4611bc0904290745u78211ee0i42cf9e34987c0a2d@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

On Fri, Apr 24, 2009 at 10:19 AM, hermit <hermit921@yahoo.com> wrote:

> I really have to agree with Ron on this. ?I see this all too often:
> Tech: ?"If you do that, this important functionality will break."
> Manager does that. ?Functionality breaks.
> Manager: "It is all your fault."
> Tech: "I warned you that would happen."
> Manager: "You didn't persuade me to not do it, so it is your fault."
> Manager spreads his version of fault around the company.
>
> hermit921

Sounds like you guys need to learn to use the email tool a little more
effectively.

I have never just advised against something verbally. I will ALWAYS
follow up a verbal comment with an email. I will copy anyone who might
be helpful or interested on that email, brief history of the
discussion thus far (i.e. "as we discussed earlier in our meeting,
after such and such was realized and such and such suggested, I
respectfully...") and, if necessary, provide evidence in support of my
argument.


------------------------------

Message: 3
Date: Thu, 30 Apr 2009 00:23:27 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] State of security technology for the enterprise
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20090429202327.GA100@eltex.net>
Content-Type: text/plain; charset=koi8-r

You are kidding calling those technologies "new"?

Actually we do need something new. Think
entitlement management, role-based access control, data flow tracking,
emdedded security tokens, OWASP frameworks, XML filtering etc.

At least document fingerprinting and discovery as poor man's solution.
And configuration management and endpoint security solutions (not just "AV"!) for sure.

We all are going nowere because we are stuck into our old toys -
DPI, IDS, AV, VPN etc and actually have no idea how data flow *should* be managed -
and you are afraid of "potentialy immature technologies"? God damn,
everything you list is old as mammoth's fossilized crap!

Well, have a look at IBM's Datapower at least - much of your data flow is XML, right?
And forget that Cisco makes "firewalls". Those are not worth their power supply units.

On Wed, Apr 29, 2009 at 09:30:47AM -0400, Chris Hughes wrote:
>
> Hello all.
>
>
> I am currently developing a strategy for evolving the security for my
> enterprise network. Currently I protect the core network (servers and
> services) and internet with inline sensors, use HIDS on all client
> machines (which performs event correlation with the inline sensors)
> content filtering, use of AV on all hosts, SSL and IPSec VPN and
> spamfiltering on the edge.
>
>
> In reviewing the latest offerings I see that there are new and
> potentially immature technologies that may be the direction I need to
> look. These include:
>
>
> DPI (deep packet inspection) firewalls
>
> Content filtering on the firewall
>
> SSL proxying with decryption for filtering abuse and data leak
>
> DLP - related to ssl filtering but with the addition of protecting
> data at rest from leaving the network.
>
> VMWARE/Hypervisor sensors to protect my virtual infrastructure
>
>
> The vendors offerings I am reviewing include:
>
>
> Cisco
>
> ISS
>
> Juniper
>
> Fortinet
>
> Palo Alto
>
>
> If I omitted serious contenders from my list please bring them to my
> attention. I also have a feature matrix I am willing to share if
> anyone is interested.
>
>
> Cisco has point product solutions for the most part but Juniper, Palo
> Alto and Fortinet are combining some of the new abilities into a
> single appliance.
>
>
> I am looking for conversation on the newer technologies as well as
> thoughts of combining them on a single albeit clustered/HA appliance
> versus separate solutions for each function. Another thing I wrestle
> with is single vendor solutions versus hybrid solution that offers
> some dioversity and a system of checks and balances.
>
>
> Of particular interest is DPI. From what I read this will be a major
> advance that really grants security admins control at the firewall
> that they never had before.
>
>
> Please share your thoughts.
>
>
> Thanks
>
> email protected and scanned by AdvascanTM - keeping email useful -
> www.advascan.com

> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

------------------------------

Message: 4
Date: Wed, 29 Apr 2009 21:52:33 -0400
From: "miedaner" <miedaner@twcny.rr.com>
Subject: Re: [fw-wiz] State of security technology for the enterprise
To: "Firewall Wizards Security Mailing List"
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <DLEJKHFJGLFILMOIIBLPGEDGCLAA.miedaner@twcny.rr.com>
Content-Type: text/plain; charset="us-ascii"

The underlying architecture is very important to providing control.

Build in security zones, dmz, transit, low to high zones.

>From layer 1-7 as you move from low to high zones controls should increase
and each zone should be setup to detect problems.

Less is more, permit few, deny all.

You can buy all the gadgets you want but in the arms race that has been
occuring for as long as I can remember, you will never ever be ahead of the
enemy, or clueless user, unless you don't allow it by default.
That being said my experience

Cisco is weak

Love Netscreen/Juniper

ISS is expensive and since IBM took them over is getting weaker

Palo Alto seems promising

Sidewinder is good

DPI is a marketing term to me

-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of Chris
Hughes
Sent: Wednesday, April 29, 2009 9:31 AM
To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] State of security technology for the enterprise


Hello all.

I am currently developing a strategy for evolving the security for my
enterprise network. Currently I protect the core network (servers and
services) and internet with inline sensors, use HIDS on all client machines
(which performs event correlation with the inline sensors) content
filtering, use of AV on all hosts, SSL and IPSec VPN and spamfiltering on
the edge.

In reviewing the latest offerings I see that there are new and potentially
immature technologies that may be the direction I need to look. These
include:

DPI (deep packet inspection) firewalls

Content filtering on the firewall

SSL proxying with decryption for filtering abuse and data leak

DLP - related to ssl filtering but with the addition of protecting data at
rest from leaving the network.

VMWARE/Hypervisor sensors to protect my virtual infrastructure

The vendors offerings I am reviewing include:

Cisco

ISS

Juniper

Fortinet

Palo Alto

If I omitted serious contenders from my list please bring them to my
attention. I also have a feature matrix I am willing to share if anyone is
interested.

Cisco has point product solutions for the most part but Juniper, Palo Alto
and Fortinet are combining some of the new abilities into a single
appliance.

I am looking for conversation on the newer technologies as well as
thoughts of combining them on a single albeit clustered/HA appliance versus
separate solutions for each function. Another thing I wrestle with is
single vendor solutions versus hybrid solution that offers some dioversity
and a system of checks and balances.

Of particular interest is DPI. From what I read this will be a major
advance that really grants security admins control at the firewall that they
never had before.

Please share your thoughts.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20090429/1749774d/attachment.html>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 36, Issue 39
************************************************

No comments: