Network Security Firewalls

Re: Firewall technology

Subject: Re: Firewall technology
Date: Sat, 31 Dec 2005 13:09:42 -0600
IPSec could be used to effectively firewall desktops and servers on a
Microsoft Windows/AD network by using IPSec in transport rather than
tunnel mode (which is what is used for VPNs).  In transport mode,
IPSec can authenticate connections to ports, with optional encryption
(no encryption is ESP-Null).  Microsoft calls this domain/server
isolation, and they use it themselves.  Management complexity can be
reduced by using Kerberos or automatic certificate enrollment.

802.1x is not a firewall technology per se, but I think the original
point is that by keeping bad machines off the ports, it helps reduce
the need for individual firewalls.  I don't particularly agree
however, as 802.1x has its flaws, and internal hosts can often be the
attacker (once compromised themselves).

I've posted more information and links on my weblog
(http://riosec.com) about this and other often under-deployed
Microsoft security technologies at: http://riosec.com/node/12

- Chris

On 12/29/05, Volker Tanger <vtlists@wyae.de> wrote:
"coder" <elite.coder@ntlworld.com> wrote:
IEEE802.1x and IPSec can apparently replace client-side firewalls

Nope. The first one is about whether the client is allowed to
participate at the network *at*all* - and the second one is a VPN
standard. Nothing about firewalling single protocols or ports (or even
applications/layer7) in any of those two (unless I'm seriously off, it's
late over here...).
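Chris's description of transport-mode IPsec as a host firewall (authenticating connections to a port, with ESP-Null when encryption is not wanted, and Kerberos to avoid certificate management) maps onto a concrete Windows configuration. The following is an added example, not code from the thread or from Microsoft's own documentation; it assumes a modern domain-joined Windows Server with the NetSecurity PowerShell module, protects SMB (TCP/445), and uses a placeholder SID for the allowed-computers group.

```powershell
# Added example: Windows domain/server isolation in IPsec transport mode,
# expressed with the NetSecurity PowerShell module (Windows 8 / Server 2012+).
# Assumptions (not from the thread): we protect SMB (TCP/445) on a domain-joined
# server, machines authenticate with Kerberos, and integrity-only ESP-Null is used.
# Run in an elevated PowerShell session on the server being isolated.

# 1. Main-mode (phase 1) authentication: machine Kerberos, i.e. only domain
#    members can complete the IKE negotiation. No certificates to manage.
$kerbProposal = New-NetIPsecAuthProposal -Machine -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName "Domain Isolation - Machine Kerberos" `
    -Proposal $kerbProposal

# 2. Quick-mode (phase 2) crypto: ESP with SHA-256 integrity and *no* encryption.
#    This is the ESP-Null mentioned in the post: packets are authenticated but
#    stay readable to IDS/network monitoring. Use -Encryption AES256 to encrypt.
$espNull = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
    -AHHash None -ESPHash SHA256 -Encryption None
$quickMode = New-NetIPsecQuickModeCryptoSet -DisplayName "ESP-Null SHA256" `
    -Proposal $espNull

# 3. Connection security rule in transport mode (host-to-host, not a VPN tunnel):
#    inbound SMB must be IPsec-protected; outbound only requests it so the server
#    can still reach peers that are not yet IPsec-enabled during rollout.
New-NetIPsecRule -DisplayName "Require IPsec for inbound SMB" `
    -Mode Transport -Profile Domain `
    -Protocol TCP -LocalPort 445 -RemotePort Any `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -QuickModeCryptoSet $quickMode.Name | Out-Null

# 4. The "firewall" half: the Windows Firewall rule for port 445 only admits
#    connections that completed the IPsec authentication above, and only from
#    computers in one AD group. The SID below is a placeholder to replace.
New-NetFirewallRule -DisplayName "SMB - authenticated domain hosts only" `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Allow `
    -Profile Domain -Authentication Required `
    -RemoteMachine "D:(A;;CC;;;<SID-of-AllowedServers-group>)" | Out-Null

# 5. Verify: show the rule, and (once a client has connected) the negotiated
#    quick-mode SAs, which should report integrity but no encryption.
Get-NetIPsecRule -DisplayName "Require IPsec for inbound SMB" |
    Format-Table DisplayName, Mode, InboundSecurity, OutboundSecurity
Get-NetIPsecQuickModeSA |
    Format-List LocalEndpoint, RemoteEndpoint, EspIntegrity, EspEncryption
```

Unauthenticated hosts see TCP/445 as filtered even though the port is open, which is the per-port firewalling effect Chris describes; the quoted objection that IPsec is "only a VPN standard" applies to tunnel mode, not to this use.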
