The State of the Firewall Art
ComNET DC 2002
David Strom
david@strom.com
516 944 3407
Four categories
• Perimeter high-availability firewalls to protect the enterprise
• Colo firewalls for ASP/MSP applications
• SOHO firewalls for remote offices and home nets
• Desktop/software firewalls for extra protection
Problems with high-availability firewalls
• Need to work in combination with load balancers, and deal with maintaining connection states in the case of a failover
• Gigabit throughputs for large networks can overwhelm them
• They are still vulnerable to attacks from within the corporate network (Nimda et al.)
SOHO firewalls
• “Frhubs” or residential gateways that combine hubs and routers in a small and inexpensive package
• Leading vendors include SonicWall and Watchguard
Common Frhub features
• 4 to 8 Ethernet (switched, 10/100) ports
• Web browser to administer their boxes
• Supports Network Address Translation
• Supports upstream DHCP client, DHCP server
• Rudimentary port control and sometimes packet inspection too
Two types of desktop firewalls
• Centrally managed, such as Norton, Trend, and McAfee console products
• Not centrally managed, such as Norton Internet Security, ZoneAlarm, and BlackICE
Desktop advantages
• Block internally generated attacks
• All are better than nothing, but not as good as a hardware firewall, and should complement rather than replace one
Firewalls-on-a-card
• Merilus
• Omnicluster
A good idea, if you have the expertise to configure them properly and don’t have the rack space to add separate firewall hardware.
Online updates
• Watchguard and others have the ability to receive upgrades and updates via the Net. A Good Idea.
• Win XP has something similar. A Bad Idea.
Ways around firewalls
• Uroam.com
• GoToMyPC.com
• Neoteris, other appliances
• Remote control software (PC Anywhere, Carbon Copy, etc.)
Remote control loopholes
• Do you even know if they are running?
• Do port scans for the common ports that are used:
• PC Anywhere: 5631-5632
• Control IT: 799
• Carbon Copy: 1680
• VNC: 5900
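The audit this slide recommends, as an added example (not the speaker's code): a TCP connect check of the listed remote-control ports across a block of your own internal hosts. Assumed: every listed port is probed as a TCP listener, and the 192.0.2.0/28 range used at the bottom is a constructed stand-in for your own subnet.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_network

# Port table from the slide. Assumption: all are probed as TCP listeners.
# Caveat: the PC Anywhere status channel and some other products also use
# UDP, and VNC listens on 5900 + display number, so a TCP connect check on
# exactly these ports can miss those variants.
REMOTE_CONTROL_PORTS = {
    5631: "PC Anywhere (data)",
    5632: "PC Anywhere (status)",
    799: "Control IT",
    1680: "Carbon Copy",
    5900: "VNC (display :0)",
}


def tcp_port_open(host, port, timeout=1.0):
    """True if a TCP connect to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or unreachable
        return False


def audit_host(host, port_table=REMOTE_CONTROL_PORTS, timeout=1.0):
    """Return {port: product} for every listed port that accepts a connection."""
    return {port: name for port, name in sorted(port_table.items())
            if tcp_port_open(host, port, timeout)}


def audit_network(hosts, port_table=REMOTE_CONTROL_PORTS, timeout=1.0, workers=32):
    """Audit many hosts in parallel; only hosts with at least one hit are returned."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: (h, audit_host(h, port_table, timeout)), hosts)
    return {host: found for host, found in results if found}


def hosts_in(cidr):
    """Expand a CIDR block (e.g. an internal /24) into host address strings."""
    return [str(addr) for addr in ip_network(cidr, strict=False).hosts()]


if __name__ == "__main__":
    # Constructed target range (TEST-NET-1); replace it with your own LAN block.
    for host, found in audit_network(hosts_in("192.0.2.0/28")).items():
        for port, product in found.items():
            print(f"{host}:{port} looks like {product}")
```

A host that answers on one of these ports is a lead, not proof: confirm what is actually listening before treating it as an unauthorised remote-control install.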
Wireless LAN loopholes
• Do you even know if they are running?
• NetStumbler.com: good resource
• Read this article too.
Wireless VPN/firewall appliances
• BlueSocket
• ReefEdge
• Vernier Networks
• Mobility from Netmotion Wireless
State of VPNs
• Software included in SOHO firewalls like SonicWall and Netgear
• Still too hard for the average consumer, and the average business computer user
• But wider support is inevitable
• VPN.net: A new way of establishing VPNs