I tested Integrity out a few months ago. Fun toy, but easy to fake out. I
was able to convince it that notepad.exe was in fact the antivirus software
that the policy required to be on the clients before letting them out to the
network very trivially.
I'm by no means an expert in malware, if i was able to do this with a little
bit of re-naming, then I am sure that plenty of malware could masquerade as
legitmate software very easily.
On Thursday 29 December 2005 10:00 pm, Sean Krause wrote:
Davie,
Check Point has realized your point on securing the PC from spyware and
0-Day attacks using PC based firewall (Zone Alarm) but centrally managed.
http://www.checkpoint.com/products/integrity/index.html
----- Original Message -----
From: "coder" <elite.coder@ntlworld.com>
To: <firewalls@securityfocus.com>
Sent: Thursday, December 29, 2005 10:51 AM
Subject: Firewall technology
Hello everyone,
I wanted to get the opinions of experts before I carry on with my
project.
I
am curently writting a thesis on the limitations of firewall technology,
for now it seems that firewall technology for the gateway is pretty much
covered. However, noone seems to have focused on firewall technology for
clients (on big networks), home firewalls such as ZoneAlarm are useless
for
a network with many PCs because it cant be managed centrally and it asks
the
user if they want to create a new rule when somthing tries to get out.
In my thesis I was going to say that these are the problems and the
solutions was to write a firewall system that can be managed centrally
(via
web interface), also for technical universities where students maybe
writting network software and using their own protocols, I was going to
see
if I could create some kind of "protocol creator" for admins. Originally
my
thesis was going to be about security corporation sized networks, but in
my
research I have come across a few other things.
IEEE802.1x and IPSec can apparently replace client-side firewalls, I dont
really know much about those two technologies, but I am still
researching. If these two techologies are better than client-side
firewalls and or cost less, I shall focus my thesis on small company
networks (who cant afford good network technology or a full-time net
admin).
My thesis was going to be centered around the fact that machines within
huge
networks get infected by malware and such, either by websites or via
removable media, I am hoping that my firewall I idea would: stop sending
keylogger and spyware details back to the "hacker" and stop viruses/worms
spreading from the infected client.
So, what client-side technologies do corporations use (if any)?
Are there any limitations for IPSec and 802.1X?
What are your opinions on what I was saying about client-side firewalls?
Thank you for your answers,
Davie Elliott.
pgpxRebxYhrpo.pgp
Description: PGP signature
