Network Security Firewalls

Re: Firewall technology

Subject: Re: Firewall technology
Date: Fri, 30 Dec 2005 01:36:57 +0100
On Thu, 29 Dec 2005 22:00:53 -0000
"coder" <elite.coder@ntlworld.com> wrote:

> I myself am a network admin; the company I work for has about 20 PCs
> and 4 servers.

...tells a bit but not much about the complexity. If that's fully meshed
PC2PC it's much more complicated than PC2Server-only with few protocols,
and it grows exponentially the more systems are involved.


> I work for and the other smaller companies is that they don't have a
> full time net admin (and in some cases they don't have one at all),
> [...]
> I'm thinking for the thesis, I can say the current firewall technology
> is time consuming to set up, expensive and requires a full-time network
> admin to maintain the system.
> [...]

Well, it's not the FW technology that's time-consuming, but the
applications and malware sprouting and ever-changing. Plus there are
quite a few (with respect to firewalling) braindead protocols like most
VoIP or RPC stuff for example - try to NAT and/or encrypt that and
remain compatible with ALL other implementations...

The second problem is that you need an expert to qualify which traffic is
"good" and which is "bad". As usage is constantly changing, traffic is
changing, too. An auto-learning system cannot distinguish between a
"legal" change in software/application usage and some "illegal" malware
starting, especially if they are using the same protocols. Try to
automate e.g. distinguishing the new marketing/sales employee starting
to send out the company newsletter to all customers vs. a (new) virus
starting to spew out SPAM.


> And I can then say that I shall develop
> a new firewall system that is cheaper and does not require a full time
> admin to maintain.

Well, it seems you are looking for the holy grail of firewalling. The one
FW to bind them all. Full protection without needing either know-how
or maintenance. Would spell instant death to all consulting and managed
security systems. But good luck if you want to try. I'd like to see your
concept, maybe you really have a good idea - just contact me if you'd
like some input/review.


> Does this sound reasonable?

It's an understandable wish - like a single drug guaranteeing permanent
health for all people without side-effects. But the FW you envision is
quite probably similarly easy to produce...    *NOT*


-------- Original Message --------
> However, no one seems to have focused
> on firewall technology for clients (on big networks), home firewalls
> such as ZoneAlarm are useless

There is at least one - and they even patented the idea of a personal
"hardware" firewall  http://www.innominate.com/


> IEEE802.1x and IPSec can apparently replace client-side firewalls

Nope. The first one is about whether the client is allowed to
participate in the network *at*all* - and the second one is a VPN
standard. Nothing about firewalling single protocols or ports (or even
applications/layer7) in either of those two (unless I'm seriously off, it's
late over here...).


> stop sending keylogger and spyware details back to the "hacker"
> and stop viruses/worms spreading from the infected client.

The first one usually is done via "standard" protocols that usually are
allowed, e.g. (proper) HTTP requests to "standard" servers (geocities or
similar). The second one depends on the attack vector used. If you
have to use open shares throughout all workstation PCs (or on the common
server), you are prone to file-based virus infections regardless of the
firewall (unless that's capable of filtering CIFS access - and I am
not aware of any product doing this).

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
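The newsletter-vs-spam-bot point above, as an added example that is not part of the original post or of any product it mentions: a toy volume-based "auto-learning" detector run over constructed outbound-SMTP flow records. Both the new marketing employee (300 mails through the corporate relay) and the infected host (300 mails straight to remote MXs) exceed the learned baseline on the same protocol and port, so the learner flags both; only a rule an expert writes from knowledge of the site (workstations may speak SMTP to the relay only) separates them. The host names, the relay name "relay.corp.example" and the flow records are all made up for the example.

```python
"""Added example: why a volume-only learner cannot tell a legitimate
newsletter from a spam bot on the same protocol, and what an expert
rule adds. All hosts, names and flows below are constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    day: int      # day number of the observation
    src: str      # source workstation (assumed name)
    dst: str      # destination host (assumed name)
    dport: int    # destination TCP port


# Assumed name of the company's own mail relay; every other port-25
# destination is treated as a remote MX.
RELAY = "relay.corp.example"
WORKSTATIONS = ("ws-sales-01", "ws-eng-02", "ws-mkt-03")


def baseline_flows():
    """Constructed training data: five quiet days, three mails per host
    per day, all via the corporate relay."""
    return [Flow(day, host, RELAY, 25)
            for day in range(1, 6)
            for host in WORKSTATIONS
            for _ in range(3)]


def day6_flows():
    """Constructed day 6: the newsletter goes out from ws-mkt-03 through
    the relay, while ws-eng-02 (infected) spews directly to 300 remote
    MXs; ws-sales-01 stays quiet."""
    flows = [Flow(6, "ws-mkt-03", RELAY, 25) for _ in range(300)]
    flows += [Flow(6, "ws-eng-02", f"mx{i}.example.net", 25)
              for i in range(300)]
    flows += [Flow(6, "ws-sales-01", RELAY, 25) for _ in range(3)]
    return flows


def learn_baseline(flows):
    """Auto-learner: remember each host's busiest day (SMTP flows/day)."""
    per_day = defaultdict(Counter)
    for f in flows:
        if f.dport == 25:
            per_day[f.src][f.day] += 1
    return {host: max(days.values()) for host, days in per_day.items()}


def volume_alerts(baseline, flows, factor=10):
    """Flag hosts whose SMTP flow count exceeds factor x their baseline.
    Sees only volume on port 25, so the newsletter and the bot look alike."""
    today = Counter(f.src for f in flows if f.dport == 25)
    return {h for h, n in today.items() if n > factor * baseline.get(h, 0)}


def expert_alerts(flows):
    """Rule written by an admin who knows the site: workstations may talk
    SMTP only to the corporate relay. Direct-to-MX traffic is the bot."""
    return {f.src for f in flows
            if f.src in WORKSTATIONS and f.dport == 25 and f.dst != RELAY}


if __name__ == "__main__":
    base = learn_baseline(baseline_flows())
    print("learned baseline:", base)
    print("volume learner flags:", sorted(volume_alerts(base, day6_flows())))
    print("expert rule flags:  ", sorted(expert_alerts(day6_flows())))
```

The volume learner reports both ws-mkt-03 and ws-eng-02 because, on the wire, a burst of port-25 connections is a burst of port-25 connections; the distinguishing fact (where workstations are allowed to deliver mail) is site knowledge that no traffic sample contains, which is the point about needing an expert to qualify traffic. Conversely, a bot that relays through the corporate mail server would evade the expert rule too, and the learner would then flag it only together with the newsletter.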
