[windows2000] Re: Question about firewalls

  • From: "Tony Lyne (Computerland)" <Tony.Lyne@xxxxxxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Fri, 9 May 2003 13:17:48 +1200

You CAN block some of the information transmitted on TCP ports by using application proxy based firewalls.

What I mean by this is, there is the ability to tunnel attacks through any open TCP port (a classic one is port 80). This is where stateful inspection firewalls like ISA and PIX are vulnerable. This was how NIMDA and the like were able to attack supposedly secure networks.

Effectively, when a session establishes a connection to a firewall on, say, TCP port 80, you can basically encapsulate and send anything you want down this, so all sorts of nasties can be transmitted. With stateful inspection firewalls like ISA etc. you can't stop this, as they basically pass an incoming TCP session straight through to the destination. BIG security problem.

With application proxy based firewalls, the incoming session connects to the firewall only. The firewall inspects each packet, and if you have filters and HTTP filters etc. on the firewall it will check the contents of each packet against these filters, then proxy the connection to the destination. The incoming machine never actually connects to the destination. Very secure. A good firewall to use like this is Borderware Firewall Server (my personal choice of firewalls for any form of decent security). Netscreen firewalls also perform application proxying as well.

Tony.
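An added illustration of the distinction drawn above (example code written for this thread, not from any of the firewalls named in it): a toy application-layer inspection of bytes arriving on TCP port 80, beside a model of what a pure stateful filter does once the handshake is complete. The HTTP parser, the allowed-method policy, the filter names and the sample requests are all constructed for the example.

```python
import re

REQUEST_LINE = re.compile(rb"^([A-Z]{3,7}) (\S+) HTTP/1\.[01]$")
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}   # hypothetical proxy policy
MAX_URI_LEN = 2048                              # hypothetical proxy limit

def parse_http_request(raw):
    """Parse the head of an HTTP/1.x request; return None if it is not HTTP."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None  # malformed header line: not well-formed HTTP
        headers[name.strip().lower()] = value.strip()
    return {"method": match.group(1), "uri": match.group(2), "headers": headers, "body": body}

# Hypothetical HTTP content filters an administrator might enable on the proxy.
FILTERS = [
    ("path-traversal", lambda req: b".." in req["uri"]),
    ("uri-too-long", lambda req: len(req["uri"]) > MAX_URI_LEN),
]

def stateful_filter(raw):
    """Packet filter after the handshake: port 80 is open, so the payload is forwarded unparsed."""
    return True, "forwarded"

def application_proxy(raw):
    """Proxy: relay only well-formed, policy-compliant HTTP, re-issued by the proxy itself."""
    req = parse_http_request(raw)
    if req is None:
        return False, "not-http"
    if req["method"] not in ALLOWED_METHODS:
        return False, "method-not-allowed"
    for name, matches in FILTERS:
        if matches(req):
            return False, name
    return True, "proxied"

# Constructed traffic samples, all delivered to TCP port 80.
SAMPLES = {
    "ordinary page fetch": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "non-HTTP bytes tunnelled over port 80": b"\x00\x01\x02not http at all",
    "traversal in the path": b"GET /a/../../b HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "tunnel request method": b"CONNECT host:443 HTTP/1.1\r\n\r\n",
}
```

Running `application_proxy` over each sample shows only the ordinary fetch being relayed, while `stateful_filter` forwards all four, which is exactly the gap the message above describes.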

-----Original Message-----
From: Sullivan, Glenn
To: 'windows2000@xxxxxxxxxxxxx'
Sent: 9/05/03 07:03
Subject: [windows2000] Re: Question  about firewalls


No way.

If you block outgoing access at the firewall, you block outgoing access at the firewall. That's that.

The problem is, you have to be able to get onto the internet somehow, right? Is that through a Proxy Server, or through exception rules? Once you've made an outbound connection, there is nothing stopping another application from using that established connection.

As to his problems with Media Player, they are well founded. The EULA for MP9 contained some scary "we can do this if we want to" language. Independent testing (and my own testing) has shown that they are not yet using it, but I check again every time MP9 is patched by my SUS server, just in case...


Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.


-----Original Message-----
From: Beaney, Derek [mailto:Derek.Beaney@xxxxxxxxxxxxx]
Sent: Thursday, May 08, 2003 1:55 PM
To: 'windows2000@xxxxxxxxxxxxx'
Subject: [windows2000] Question about firewalls



I know that there are firewalls out there that block programs from accessing the web.

I got into a debate with a friend.. (who is a Linux freak... SuSE to be exact) about Microsoft and having programs like Windows Media Player reporting back to Microsoft on what stuff you watch and what you listen to..

Anyhow, the question I have is: if you have a firewall that blocks all outgoing packets (prohibits specified programs from accessing the net), is there stuff embedded in the OS that would report back that wouldn't be stopped by the firewall?

==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
