Network Security Vuln-Dev

Core FORCE and OpenBSD PF's

Subject: Core FORCE and OpenBSD PF's
Date: Mon, 28 Nov 2005 18:53:50 -0300
Hello everyone,

Theo de Raadt, head of the OpenBSD project, has requested me to clarify
something about the firewall technology of the endpoint security package
(Core FORCE) released today by Core and announced to bugtraq and other
mailing lists.

Core FORCE uses a Windows port of OpenBSD's PF (www.openbsd.org/faq/pf)
for firewalling.

This involved porting the PF engine to a Windows NDIS compliant miniport
kernel driver with trimmed functionality (removed NAT, RDR, packet
queueing and normalization and packet tagging among other things) and
adding the ability to set firewall rules on a per-process basis and the
implementation of the "ask" action (in addition to allow, deny) to allow
users to explicitly indicate if they want to pass or block
inbound/outbound packets from/to a given program. Configuration of
firewall rules is integrated to the Core FORCE GUI that also handles
filesystem and registry access control configuration permissions.

In addition to PF's NDIS driver, CORE FORCE also uses a Windows TDI
driver (this one developed from scratch) that also allows filtering
network operations at the socket layer rather than at the packet layer.

We felt that instead of inventing yet a new packet filtering engine we
should use OpenBSD's PF which brings a very robust technology, that has
been extensively tested in the field and withstood careful security
scrutiny for many years, to the Windows world.

PF is a great piece of software and we're glad that the OpenBSD team
made it available for everyone to use under a BSD license.

If you'd like to learn more about Core Force's architecture and how
OpenBSD's PF fits in it you can browse to the following URL:

http://force.coresecurity.com/index.php?module=articles&func=display&ptid=10&catid=39&aid=16


Thanks,

-ivan

---
To strive, to seek, to find, and not to yield.
- Alfred, Lord Tennyson Ulysses,1842

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES

46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@coresecurity.com
www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
