Network Security Firewalls

Re: Firewall technology

Subject: Re: Firewall technology
Date: Thu, 29 Dec 2005 12:50:12 -0600
Hello Davie,

limitations:

AFAIK, IPSec tends to have problems with multicast / broadcast traffic
(although I think some vendors already provide solutions), and
requires heavy administrative tasks, such as certificates / keys
configuration / renewal... etc.

IEEE802.1x depends strongly on the network technology (switches) you
use to provide users with network access. Hubs and old / cheap
switches will most likely not support IEEE802.1x, or at least advanced
features of this protocol, such as downloadable ACLs that could
eventually replace a firewalling functionality (but IMHO, these are
two different concepts).

client-side firewalls:

I agree with Sky, they have existed for quite a long time now, so much
to say that the technology is reasonably mature. I am used to working
with Symantec client firewall, which provides centralized means to
manage all clients in an enterprise. But surely any first-line vendor
already has a solution (or is working on it) for enterprise-wide
central management of client firewalls.

your idea:

To stop keyloggers and spyware, normally client firewalls could in
theory stop the most basic ones. However, bear in mind that traffic
from a keylogger could look exactly like an outbound web http request
that will be allowed on a high percentage of client firewall
configurations. However, I would recommend that you further investigate
how these malware pieces really work.

Regards,
Rodrigo.

On 12/29/05, coder <elite.coder@ntlworld.com> wrote:
Hello everyone,

I wanted to get the opinions of experts before I carry on with my project. I
am currently writing a thesis on the limitations of firewall technology,
for now it seems that firewall technology for the gateway is pretty much
covered. However, no one seems to have focused on firewall technology for
clients (on big networks), home firewalls such as ZoneAlarm are useless for
a network with many PCs because it can't be managed centrally and it asks the
user if they want to create a new rule when something tries to get out.

In my thesis I was going to say that these are the problems and the
solution was to write a firewall system that can be managed centrally (via
web interface), also for technical universities where students may be
writing network software and using their own protocols, I was going to see
if I could create some kind of "protocol creator" for admins. Originally my
thesis was going to be about securing corporation-sized networks, but in my
research I have come across a few other things.

IEEE802.1x and IPSec can apparently replace client-side firewalls, I don't
really know much about those two technologies, but I am still researching.
If these two technologies are better than client-side firewalls and/or cost
less, I shall focus my thesis on small company networks (who can't afford
good network technology or a full-time net admin).

My thesis was going to be centered around the fact that machines within huge
networks get infected by malware and such, either by websites or via
removable media, I am hoping that my firewall idea would: stop sending
keylogger and spyware details back to the "hacker" and stop viruses/worms
spreading from the infected client.

So, what client-side technologies do corporations use (if any)?
Are there any limitations for IPSec and 802.1X?
What are your opinions on what I was saying about client-side firewalls?

Thank you for your answers,

Davie Elliott.
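
Added example, not part of the thread: a small sketch of the point in the reply that unwanted outbound traffic can look like ordinary web HTTP, comparing a port-only client firewall policy with a centrally defined policy that also binds each rule to the originating program. The rule model, program paths and sample connections are constructed for illustration and do not represent any vendor's product.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Conn:
    process: str   # path of the program opening the outbound connection
    dst_port: int  # destination TCP port

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    dst_port: Optional[int] = None # None matches any port
    process: Optional[str] = None  # None matches any program

    def matches(self, c: Conn) -> bool:
        port_ok = self.dst_port is None or self.dst_port == c.dst_port
        proc_ok = self.process is None or self.process.lower() == c.process.lower()
        return port_ok and proc_ok

def evaluate(rules, conn, default="deny"):
    """First matching rule wins; anything unmatched gets the default action."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return default

# Hypothetical approved browser path (assumption for this example).
BROWSER = r"C:\Program Files\Browser\browser.exe"

# Policy A: typical port-only rules ("web traffic is allowed").
PORT_ONLY = [Rule("allow", dst_port=80), Rule("allow", dst_port=443)]

# Policy B: same ports, but only for the approved program.
APP_BOUND = [Rule("allow", dst_port=80, process=BROWSER),
             Rule("allow", dst_port=443, process=BROWSER)]

# Constructed sample of outbound connection attempts on one client.
SAMPLE = [
    Conn(BROWSER, 80),
    Conn(r"C:\Users\student\AppData\Temp\unknown.exe", 80),
    Conn(r"C:\Users\student\AppData\Temp\unknown.exe", 6667),
]

def compare(conns):
    """Return (process, port, port-only verdict, app-bound verdict) per connection."""
    return [(c.process, c.dst_port, evaluate(PORT_ONLY, c), evaluate(APP_BOUND, c))
            for c in conns]

if __name__ == "__main__":
    for proc, port, a, b in compare(SAMPLE):
        print(f"{proc:50} :{port:<5} port-only={a:5} app-bound={b}")
```

The second sample connection is the case the reply describes: the port-only policy cannot tell it apart from browser traffic, while the program-bound policy falls through to the default deny.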





