RE: Firewall technology

Subject: RE: Firewall technology
Date: Fri, 30 Dec 2005 10:57:22 -0800
In this case you would enter both the name of the application (the
antivirus software) as well as the MD5 of the executable.  I suspect you
used filename alone.  If you enter the MD5 the trick you describe below
will fail.

sky
 

-----Original Message-----
From: Chris Clymer [mailto:chris@chrisclymer.com] 
Sent: Friday, December 30, 2005 9:17 AM
To: firewalls@securityfocus.com
Subject: Re: Firewall technology

I tested Integrity out a few months ago.  Fun toy, but easy to fake
out.  I was able to convince it that notepad.exe was in fact the
antivirus software that the policy required to be on the clients
before letting them out to the network very trivially.

I'm by no means an expert in malware; if I was able to do this with a
little bit of re-naming, then I am sure that plenty of malware could
masquerade as legitimate software very easily.

On Thursday 29 December 2005 10:00 pm, Sean Krause wrote:
Davie,
    Check Point has realized your point on securing the PC from
spyware and 0-Day attacks using PC based firewall (Zone Alarm) but
centrally managed.
http://www.checkpoint.com/products/integrity/index.html
----- Original Message -----
From: "coder" <elite.coder@ntlworld.com>
To: <firewalls@securityfocus.com>
Sent: Thursday, December 29, 2005 10:51 AM
Subject: Firewall technology

Hello everyone,

I wanted to get the opinions of experts before I carry on with my
project. I am currently writing a thesis on the limitations of
firewall technology; for now it seems that firewall technology for the
gateway is pretty much covered. However, no one seems to have focused
on firewall technology for clients (on big networks). Home firewalls
such as ZoneAlarm are useless for a network with many PCs because they
can't be managed centrally and they ask the user if they want to
create a new rule when something tries to get out.

In my thesis I was going to say that these are the problems and the
solution was to write a firewall system that can be managed centrally
(via web interface). Also, for technical universities where students
may be writing network software and using their own protocols, I was
going to see if I could create some kind of "protocol creator" for
admins. Originally my thesis was going to be about security
corporation sized networks, but in my research I have come across a
few other things.

IEEE802.1x and IPSec can apparently replace client-side firewalls. I
don't really know much about those two technologies, but I am still
researching. If these two technologies are better than client-side
firewalls and/or cost less, I shall focus my thesis on small company
networks (who can't afford good network technology or a full-time net
admin).

My thesis was going to be centered around the fact that machines
within huge networks get infected by malware and such, either by
websites or via removable media. I am hoping that my firewall idea
would: stop sending keylogger and spyware details back to the "hacker"
and stop viruses/worms spreading from the infected client.

So, what client-side technologies do corporations use (if any)?
Are there any limitations for IPSec and 802.1X?
What are your opinions on what I was saying about client-side
firewalls?

Thank you for your answers,

Davie Elliott.
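
The difference discussed at the top of this thread, between a client policy that matches an application on filename alone and one that matches on filename plus the MD5 of the executable, shown as an added example that is not part of the original messages or of the Integrity product. The file name avscan.exe, the file contents and all function names are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def file_digest(path, algorithm="md5"):
    """Hex digest of a file's contents (MD5 by default, as in the thread)."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_by_name(path, policy):
    """Weak check: passes if the file name alone is listed in the policy."""
    return Path(path).name.lower() in policy


def check_by_name_and_digest(path, policy, algorithm="md5"):
    """Stronger check: the name must be listed AND the contents must match."""
    expected = policy.get(Path(path).name.lower())
    if expected is None:
        return False
    return hmac.compare_digest(file_digest(path, algorithm), expected.lower())


def demo():
    """Run both checks over two constructed files that share one name."""
    with tempfile.TemporaryDirectory() as tmp:
        genuine = Path(tmp, "genuine", "avscan.exe")   # hypothetical AV binary
        renamed = Path(tmp, "renamed", "avscan.exe")   # other program, renamed
        for p, data in ((genuine, b"constructed AV bytes"),
                        (renamed, b"constructed notepad bytes")):
            p.parent.mkdir()
            p.write_bytes(data)
        # Policy as the administrator would enter it: name -> MD5 of the
        # executable taken from a known-good copy.
        policy = {"avscan.exe": file_digest(genuine)}
        files = {"genuine": genuine, "renamed": renamed}
        return {
            "name_only": {k: check_by_name(p, policy) for k, p in files.items()},
            "name_and_digest": {k: check_by_name_and_digest(p, policy)
                                for k, p in files.items()},
        }


if __name__ == "__main__":
    for check, results in demo().items():
        print(check, results)
```

The name-only check accepts both files; the name-plus-digest check accepts only the file whose contents match the recorded digest.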

