
RE: Distributed Firewall

From: JAVIER OTERO <jotero(at)SMARTEKH.com>
Date: Fri Apr 25 2003 - 12:43:15 EDT


Solsoft can generate visual policies for Netscreen, Checkpoint, Cisco (PIX, routers and switches), and other brands.

Javier Otero
Grupo Smartekh
Antivirus Expertos
Business Continuity
Integrity
5243-4782 al 84 Ext.300
México, D.F.

-----Original Message-----

From: Jared Valentine [mailto:hidden@xmission.com] Sent: Thursday, April 24, 2003 02:30 p.m. To: security-basics@lists.securityfocus.com Subject: RE: Distributed Firewall

"one console to rule them all" can be a good thing. It allows an admin to react quickly to a virus/worm/trojan that is spreading on the network.

It could also be a bad thing if it were ever subverted.

The mimicking of the remote console isn't much of an issue, as long as you can authenticate AND encrypt the command/control channels between the console and the distributed firewalls. That's what 3Com/Secure Computing's Embedded Firewall does. There are RSA pub/priv keypairs and 3DES session keys used to authenticate and encrypt the traffic between the console and the firewall cards.

If you can get the private key that the console uses, and the console software, then you might be able to subvert the system. That's why you would take all possible measures to secure the console system. That machine needs firewall, AV, IDS, even physical security.

Jared Valentine
hidden@xmission.com


-----Original Message-----

Sounds like a good idea but I see some flaws. Even with such a set up there is always the vulnerability of the remote console and the vulnerability of it being mimicked by a remote attack. Anything with a central control has the inherent weakness of the power of that control - which is one of the flaws that is trying to be avoided by a distributed firewall. Just my 2c.



Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics

---

Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.476 / Virus Database: 273 - Release Date: 24/04/2003  




Received on Mon Apr 28 12:15:37 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:11 EDT

