Security Basics mailing list archives

RE: Distributed Firewall


From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Fri, 25 Apr 2003 11:43:15 -0500

Solsoft can generate visual policies for Netscreen, Checkpoint, Cisco (PIX, routers and switches), and other brands.

Javier Otero
Grupo Smartekh
Antivirus Expertos
Business Continuity
Integrity
5243-4782 al 84 Ext.300
México, D.F.



-----Original Message-----
From: Jared Valentine [mailto:hidden () xmission com]
Sent: Thursday, April 24, 2003 02:30 p.m.
To: security-basics () lists securityfocus com
Subject: RE: Distributed Firewall


"one console to rule them all" can be a good thing.  It allows an admin to
react quickly to a virus/worm/trojan that is spreading on the network.

It could also be a bad thing if it were ever subverted.

The mimicking of the remote console isn't much of an issue, as long as you
can authenticate AND encrypt the command/control channels between the
console and the distributed firewalls.  That's what 3Com/Secure Computing's
Embedded Firewall does.  There are RSA pub/priv keypairs and 3DES session
keys used to authenticate and encrypt the traffic between the console and
the firewall cards.

If you can get the private key that the console uses, and the console
software, then you might be able to subvert the system.  That's why you
would take all possible measures to secure the console system.  That machine
needs firewall, AV, IDS, even physical security.

Jared Valentine
hidden () xmission com


-----Original Message-----
Sounds like a good idea but I see some flaws. Even with such a set up
there is always the vulnerability of the remote console and the
vulnerability of it being mimicked by a remote attack. Anything with a
central control has the inherent weakness of the power of that control
- which is one of the flaws that is trying to be avoided by a
distributed firewall. Just my 2c.


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hands-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place.  http://www.securityfocus.com/BlackHat-security-basics
----------------------------------------------------------------------------
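Jared's point above is that a mimicked console is not a problem as long as every firewall endpoint authenticates the commands it receives, and that the console's key therefore becomes the thing to protect. The block below is an added example written for this page; it is not code from the thread or from the 3Com/Secure Computing product. It models only the accept/reject decision on the firewall-card side: a pre-shared HMAC key stands in for the RSA key pair the product uses (so it runs on the standard library alone), the channel encryption is left out, and a sequence number is added so that a captured genuine command cannot simply be replayed. The key, the command names and the sample exchange are all constructed.

```python
import hashlib
import hmac
import json

# Constructed placeholder key. In the product described in the thread the
# console signs with its RSA private key and each card verifies with the
# matching public key; a shared MAC key is used here as a stand-in so the
# example needs no third-party library. Whoever holds this key IS the
# console as far as the cards are concerned, which is Jared's point about
# guarding the console machine.
CONSOLE_KEY = bytes.fromhex("00" * 32)


def sign_command(key: bytes, seq: int, command: dict) -> dict:
    """Console side: serialise a command with a sequence number and attach a MAC.

    The MAC covers the sequence number as well as the command, so neither
    can be altered in transit without invalidating the tag.
    """
    body = json.dumps({"seq": seq, "cmd": command}, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class FirewallCard:
    """Distributed firewall endpoint that only acts on authenticated, fresh commands."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = 0        # highest sequence number accepted so far
        self.applied = []        # commands actually applied, in order

    def receive(self, envelope: dict) -> str:
        body = str(envelope.get("body", ""))
        tag = str(envelope.get("tag", ""))
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison: a host mimicking the console cannot learn
        # the tag byte by byte from timing differences. Verify BEFORE parsing,
        # so unauthenticated input never reaches the JSON parser.
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad authenticator"
        msg = json.loads(body)
        seq = int(msg["seq"])
        # Freshness check: a replayed copy of an earlier genuine command carries
        # a sequence number the card has already seen.
        if seq <= self.last_seq:
            return "rejected: replayed or stale sequence"
        self.last_seq = seq
        self.applied.append(msg["cmd"])
        return "applied"


def run_demo() -> list:
    """Constructed exchange: one genuine command, then three attempts that must fail."""
    card = FirewallCard(CONSOLE_KEY)
    results = []

    # 1. Genuine command from the real console.
    genuine = sign_command(CONSOLE_KEY, 1, {"action": "block", "port": 135})
    results.append(card.receive(genuine))

    # 2. The same captured envelope sent again (replay).
    results.append(card.receive(genuine))

    # 3. A host mimicking the console without the console's key.
    impostor_key = b"\x01" * 32  # constructed, not the console key
    forged = sign_command(impostor_key, 2, {"action": "allow", "port": 135})
    results.append(card.receive(forged))

    # 4. A genuine envelope altered in transit: the MAC no longer matches.
    tampered = sign_command(CONSOLE_KEY, 2, {"action": "block", "port": 135})
    tampered["body"] = tampered["body"].replace("block", "allow")
    results.append(card.receive(tampered))

    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

Only the first exchange changes the card's state; the replay, the impostor's command and the tampered envelope are all refused before anything is applied. Note what the example does not solve: a console whose key has been copied produces envelopes indistinguishable from genuine ones, which is exactly why the text above treats the console host as needing its own firewall, AV, IDS and physical protection.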


---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.476 / Virus Database: 273 - Release Date: 24/04/2003
 

