The State of the Firewall Art. ComNET DC 2002 David Strom david@strom.com 516 944 3407. Four categories. Perimeter high-availability firewalls to protect the enterprise Colo firewalls for ASP/MSP applications SOHO firewalls for remote offices and home nets

The State of the Firewall Art

ComNET DC 2002

David Strom

david@strom.com

516 944 3407

Four categories
  • Perimeter high-availability firewalls to protect the enterprise
  • Colo firewalls for ASP/MSP applications
  • SOHO firewalls for remote offices and home nets
  • Desktop/software firewalls for extra protection
Problems with high-availability firewalls
  • Need to work in combination with load balancers, and deal with maintaining connection states in the case of a failover
  • Gigabit throughputs for large networks can overwhelm them
  • They still are vulnerable to attacks from within the corporate network (Nimda et al.)
SOHO firewalls
  • “Frhubs” or residential gateways that combine hubs and routers in a small and inexpensive package
  • Leading vendors include SonicWall and WatchGuard
Common Frhub features
  • 4 to 8 Ethernet (switched, 10/100) ports
  • Administered through a Web browser
  • Supports Network Address Translation
  • Supports upstream DHCP client, DHCP server
  • Rudimentary port control and sometimes packet inspection too
Two types of desktop firewalls
  • Centrally managed, such as Norton, Trend, and McAfee console products
  • Not centrally managed, such as Norton Internet Security, ZoneAlarm, and BlackICE
Desktop advantages
  • Block internally generated attacks
  • All are better than nothing, but not as good as a hardware firewall, and should complement rather than replace them
Firewalls-on-a-card
  • Merilus
  • Omnicluster

A good idea, if you have the expertise to configure them properly and don’t have the rack space to add separate firewall hardware.

Online updates
  • WatchGuard and others have the ability to receive upgrades and updates via the Net. A Good Idea.
  • Win XP has something similar. A Bad Idea.
Ways around firewalls
  • Uroam.com
  • GoToMyPC.com
  • Neoteris, other appliances
  • Remote control software (PC Anywhere, Ccopy, etc.)
Remote control loopholes
  • Do you even know if they are running?
  • Do port scans for common ports that are used:
    • PC Anywhere: 5631-2
    • Control IT: 799
    • Carbon Copy: 1680
    • VNC: 5900
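
The port check this slide recommends, as an added example that is not part of the original presentation: a TCP connect audit over an inventory of hosts you administer, using the slide's port list. The function names and the sample inventory are assumptions, and the slide's "5631-2" is read as ports 5631 and 5632.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Port list taken from the slide; "5631-2" is read as 5631 and 5632.
REMOTE_CONTROL_PORTS = {
    5631: "PC Anywhere",
    5632: "PC Anywhere",
    799: "Control IT",
    1680: "Carbon Copy",
    5900: "VNC",
}


def tcp_listening(host, port, timeout=0.5):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit_hosts(hosts, ports=None, timeout=0.5, workers=32):
    """Check each host in your own inventory for remote-control listeners.

    Returns {host: [(port, product), ...]} for hosts with at least one hit.
    TCP only: a service that answers solely over UDP is not reported.
    """
    ports = REMOTE_CONTROL_PORTS if ports is None else ports
    pairs = [(h, p) for h in hosts for p in sorted(ports)]
    hits = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda hp: tcp_listening(hp[0], hp[1], timeout), pairs)
        for (host, port), is_open in zip(pairs, results):
            if is_open:
                hits.setdefault(host, []).append((port, ports[port]))
    return hits


if __name__ == "__main__":
    # Constructed inventory: replace with addresses you administer.
    inventory = ["127.0.0.1"]
    for host, found in audit_hosts(inventory).items():
        for port, product in found:
            print(f"{host}: TCP {port} open, possible {product} host")
```

An open port only shows that something is listening there; confirm the product on the machine itself before treating a hit as an unauthorized remote-control host.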
Wireless LAN loopholes
  • Do you even know if they are running?
  • NetStumbler.com: good resource
  • Read this article too.
Wireless VPN/firewall appliances
  • BlueSocket
  • ReefEdge
  • Vernier Networks
  • Mobility from Netmotion Wireless
State of VPNs
  • Software included in SOHO firewalls like Sonic and Netgear
  • Still too hard for the average consumer, and the average business computer user
  • But wider support is inevitable
  • VPN.net: A new way of establishing VPNs