Search This Blog

Tuesday, May 03, 2011

firewall-wizards Digest, Vol 58, Issue 3

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Proxies, opensource and the general market: what's wrong
with us? (ArkanoiD)
2. Re: Proxies, opensource and the general market: what's wrong
with us? (ArkanoiD)
3. Re: Looking for firewall mgmt solution (ArkanoiD)
4. Re: Proxies, opensource and the general market: what's wrong
with us? (ArkanoiD)
5. Re: Proxies, opensource and the general market: what's wrong
with us? (Darren Reed)
6. Re: Proxies, opensource and the general market: what's wrong
with us? (Tracy Reed)
7. Re: Looking for firewall mgmt solution (Afsin Taskiran)


----------------------------------------------------------------------

Message: 1
Date: Mon, 2 May 2011 19:51:25 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Proxies, opensource and the general market:
what's wrong with us?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20110502155125.GA21443@eltex.net>
Content-Type: text/plain; charset=koi8-r

On Fri, Apr 29, 2011 at 12:50:35PM -0700, Darren Reed wrote:
> I think that what's happened is the relevant open source
> security tools for today are no longer proxies or packet
> filters but plugins for your web browser.

[skipped]

Sure. But I still do not see why does it affect firewalls, which are
still there.


------------------------------

Message: 2
Date: Mon, 2 May 2011 19:57:33 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Proxies, opensource and the general market:
what's wrong with us?
To: dave@corecom.com, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20110502155733.GB21443@eltex.net>
Content-Type: text/plain; charset=koi8-r

Packet filters and packet filtering threat control is reactive by design.
(Well, maybe not "by design" as principle of technology, but "by design" of
current implementation, being basically a way to apply regexp to a tcp/ip packet
or tcp flow - and the second technique is called "advanced").

The efficiency of threat control depends on nature of the threat.
Protocol driven attacks are not that widespread now, but they still do exist.
I checked CVEs for, say, pop3 vulnerabilities of last 5 years and found out that about 90% are
protocol abuses that are prevented by proper proxy on zero knowledge basis.

For http the situation is strictly opposite, to be honest. But for http there are other
things proxy can do.

On Sat, Apr 30, 2011 at 04:10:44PM -0400, Dave Piscitello wrote:
>
> I wonder if this "all a firewall should be is a packet filter" is truly
> the case. Is the buyer focus on proxy or packet filtering these days, or
> on "blocking X" where X is "a threat"?
>
> Most of the commercial marketing blather focuses on controlling threats,
> users, and application specific attacks. The only mention of packet
> filtering is often in the context of "packet filtering is no longer
> effective". Granted, this is smoke and mirrors, but search NGFW or WAF
> and tell me what you find. I'm not advocating that this is a good thing,
> BTW.

------------------------------

Message: 3
Date: Thu, 29 Apr 2010 22:40:37 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Looking for firewall mgmt solution
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20100429184037.GA14177@eltex.net>
Content-Type: text/plain; charset=koi8-r

This one looks interesting, as it is aimed at some higher level organizational
part as well.

On Thu, Apr 22, 2010 at 06:26:05PM -0400, Morty wrote:
>
> http://www.tufin.com/products_securechange_workflow.php
>

------------------------------

Message: 4
Date: Mon, 2 May 2011 20:00:27 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Proxies, opensource and the general market:
what's wrong with us?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20110502160027.GC21443@eltex.net>
Content-Type: text/plain; charset=koi8-r

I will change VCS once the project grows out of the current one :-)

Having almost 10 years of commit history visible is not really required,
but I just love the look :-)

On Fri, Apr 29, 2011 at 10:39:03AM -0700, david@lang.hm wrote:

[dd]

> >
> >CVS branches are ok as well..
>
> CVS doesn't have good tools for merging the branches back togeather, and
> only people who have commit access to CVS can use them. with a DVCS (I
> happen to favor git, but this applies to any of them), people can do local
> work and then push it back to the central point without you having to
> trust them with CVS access first.
>
>

------------------------------

Message: 5
Date: Mon, 02 May 2011 21:43:18 -0700
From: Darren Reed <darren.reed@oracle.com>
Subject: Re: [fw-wiz] Proxies, opensource and the general market:
what's wrong with us?
To: firewall-wizards@listserv.cybertrust.com
Message-ID: <4DBF87E6.4000606@oracle.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 2/05/11 08:51 AM, ArkanoiD wrote:
> On Fri, Apr 29, 2011 at 12:50:35PM -0700, Darren Reed wrote:
>> I think that what's happened is the relevant open source
>> security tools for today are no longer proxies or packet
>> filters but plugins for your web browser.
>
> [skipped]
>
> Sure. But I still do not see why does it affect firewalls, which are
> still there.

What's sexy about working on an open source firewall
thing that a few people might download and use vs
working on a plugin for firefox that gets 100,000
downloads every month?

Perhaps a more relevant problem to consider is that
as we (as a society) move to accessing the Internet
directly, from devices such as our phones, the threat
model and solutions used to address that need to be
rethought in the context of what the device's operating
system needs to have running and protected.

Somewhat amusingly, a security vulnerability in the
OpenBSD pf firewall software that is used by Apple
on its iPhones resulted in a jailbreak vulnerability.

The base level of firewall capability has advanced
far enough that most people don't need more than
what they get out of the bit of hardware that does
it for them. And since need is the mother of
invention, there's no compulsion to advance the
art/feature/etc.

Darren

------------------------------

Message: 6
Date: Mon, 2 May 2011 15:24:48 -0700
From: Tracy Reed <treed@ultraviolet.org>
Subject: Re: [fw-wiz] Proxies, opensource and the general market:
what's wrong with us?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20110502222448.GD17486@tracyreed.org>
Content-Type: text/plain; charset="us-ascii"

On Mon, May 02, 2011 at 08:00:27PM +0400, ArkanoiD spake thusly:
> I will change VCS once the project grows out of the current one :-)
>
> Having almost 10 years of commit history visible is not really required,
> but I just love the look :-)

There are migration scripts for just about everything. You should never lose
commit history when changing.

--
Tracy Reed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20110502/63e4bfcb/attachment-0001.pgp>

------------------------------

Message: 7
Date: Tue, 3 May 2011 00:35:07 +0300
From: Afsin Taskiran <afsin@taskiran.org>
Subject: Re: [fw-wiz] Looking for firewall mgmt solution
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <BANLkTimX6ZDYj8Gp2mH7NnZRtsd6+k6Yrg@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-9"

Hi There;

I missed the thread but you can use the AlgoSec FireFlow for compliance,
change management and workflow management like Tufin..

http://www.algosec.com/en/products/fireflow

Best Regards,
*

Af?in TA?KIRAN,* *CISSP?, C|EH*
Information Security Professional
http://www.enderunix.org/afsin/
http://tr.linkedin.com/in/afsintaskiran
<http://tr.linkedin.com/in/afsintaskiran>

2010/4/29 ArkanoiD <ark@eltex.net>

> This one looks interesting, as it is aimed at some higher level
> organizational
> part as well.
>
> On Thu, Apr 22, 2010 at 06:26:05PM -0400, Morty wrote:
> >
> > http://www.tufin.com/products_securechange_workflow.php
> >
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20110503/2c2cfc25/attachment-0001.html>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 58, Issue 3
***********************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)