Network Security Firewalls
Re: Firewall technology

Subject: Re: Firewall technology
Date: Thu, 29 Dec 2005 19:48:20 +0200
Hello Davie,

actually there are products for the internal network that are centrally
managed. However the problem inside the firewall is not to block or allow
certain ports. After all, it is the internal (=trusted) network. Even if
there is the need to filter the traffic between two different departments,
the administrator can always install a firewall (usually different
departments use different VLANs or are somehow separated). There are
technologies like Cisco's CSA (Cisco Security Agent) where the administrator
can create a policy that allows access to network resources for some
applications while it denies access to others. Obviously the configuration
of the systems must be known to the administrator in order to create a
proper policy that will be as restrictive as possible but will not make it
difficult for users to work and accomplish their tasks.

In order to create a safe network immune to all possible threats (if this is
at all possible), you need to use all technologies available and not just
rely on access lists (wherever these may be used). You need to use AV
software (that is also great against spyware and malware in general),
IDS/IDP systems that can detect anomalies in the network, authentication
schemes that will allow access only to those that need it, audit mechanisms
so that you will be able to track events in the past and the list goes on.

If I had the opportunity to create the "perfect" corporate network (in
regard to security) without having to worry about the cost, I would use at
least these technologies:

   - firewall systems
   - personal firewall systems (mostly to control software access to the
   network, not to filter ports and protocols)
   - IDS/IDP systems wherever they are necessary
   - AV software (and content checking systems in general)
   - AAA systems to control access to all network resources, even access
   to the network itself
   - VPN systems
   - log management systems to analyze events from all the above


However, as we live in an imperfect world, all the equipment you can buy and
all the technology you can get your hands on is useless unless you have a
policy. The policy itself in turn is useless unless it is being enforced.
This policy must define the way systems are used (but not how they are
used), the way users use the network resources and the way users and systems
interact with each other.

On 29/12/05, coder <elite.coder@ntlworld.com> wrote:

Hello everyone,

I wanted to get the opinions of experts before I carry on with my project. I
am currently writing a thesis on the limitations of firewall technology;
for now it seems that firewall technology for the gateway is pretty much
covered. However, no one seems to have focused on firewall technology for
clients (on big networks). Home firewalls such as ZoneAlarm are useless for
a network with many PCs because they can't be managed centrally and they ask
the user if they want to create a new rule when something tries to get out.

In my thesis I was going to say that these are the problems and the
solution was to write a firewall system that can be managed centrally (via
web interface). Also, for technical universities where students may be
writing network software and using their own protocols, I was going to see
if I could create some kind of "protocol creator" for admins. Originally my
thesis was going to be about securing corporation-sized networks, but in my
research I have come across a few other things.

IEEE 802.1X and IPSec can apparently replace client-side firewalls. I don't
really know much about those two technologies, but I am still researching.

If these two technologies are better than client-side firewalls and/or cost
less, I shall focus my thesis on small company networks (who can't afford
good network technology or a full-time net admin).

My thesis was going to be centered around the fact that machines within huge
networks get infected by malware and such, either by websites or via
removable media. I am hoping that my firewall idea would: stop sending
keylogger and spyware details back to the "hacker" and stop viruses/worms
spreading from the infected client.

So, what client-side technologies do corporations use (if any)?
Are there any limitations for IPSec and 802.1X?
What are your opinions on what I was saying about client-side firewalls?

Thank you for your answers,

Davie Elliott.

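As an added example (not from the thread), the application-aware host policy the reply describes, expressed as data a central console could push to every workstation agent: first match wins, anything the policy does not name is denied, and each decision yields one record for the log management system. The program names, addresses and the 10.0.5.0/24 mail-server subnet are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class Rule:
    """One centrally managed rule: which program may reach which destination."""
    app: str        # process image name, or "*" for any program
    dst_net: str    # destination network in CIDR notation
    dst_port: int   # TCP/UDP destination port, or 0 for any port
    action: str     # "allow" or "deny"

@dataclass(frozen=True)
class Event:
    """An outbound connection attempt reported by a host agent (constructed)."""
    host: str
    app: str
    dst_ip: str
    dst_port: int

def matches(rule: Rule, ev: Event) -> bool:
    return (rule.app in ("*", ev.app)
            and ipaddress.ip_address(ev.dst_ip) in ipaddress.ip_network(rule.dst_net)
            and rule.dst_port in (0, ev.dst_port))

def evaluate(policy: List[Rule], ev: Event) -> str:
    """First matching rule wins; any program the policy does not name is denied."""
    for rule in policy:
        if matches(rule, ev):
            return rule.action
    return "deny"

def audit_line(policy: List[Rule], ev: Event) -> str:
    """One record per decision, for the central log management system."""
    return f"{ev.host} {evaluate(policy, ev).upper()} {ev.app} -> {ev.dst_ip}:{ev.dst_port}"

# Constructed policy: the mail client may reach the IMAP server, the browser
# may reach any web site, and nothing else may leave the host.
POLICY = [
    Rule("outlook.exe", "10.0.5.0/24", 993, "allow"),
    Rule("firefox.exe", "0.0.0.0/0", 443, "allow"),
    Rule("firefox.exe", "0.0.0.0/0", 80, "allow"),
]

if __name__ == "__main__":
    for ev in [Event("ws-17", "outlook.exe", "10.0.5.20", 993),      # allowed
               Event("ws-17", "firefox.exe", "203.0.113.10", 443),   # allowed
               Event("ws-17", "updater.exe", "203.0.113.10", 443),   # same port, unknown program
               Event("ws-17", "outlook.exe", "203.0.113.10", 993)]:  # known program, wrong server
        print(audit_line(POLICY, ev))
```

The third and fourth events show the reply's point that inside the trusted network the decision turns on which program is talking and to what, not on the port number alone.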