Great Circle Associates Firewalls
(February 1996)
 


Subject: Re: BorderGuard/ Gauntlet 3.1. Packet Filter
From: jeromie @ garrison . com (Jeromie Jackson)
Date: Sat, 17 Feb 96 08:59:08 CST
To: firewalls @ GreatCircle . COM, vbaca @ Coded . COM

> I seem to have deleted info on BorderGuard. 
> Can someone point me to a source for info. 
> I'd like to hear more about it from someone
> who has used it, and also get the details :-) 
> from the vendor.
> 

I have been sending mail back & forth with the NSC reps in regards to their 
product.  I am still getting claims that it is an application level gateway,
and comments such as "your statement...has come as a complete surprise to the
folks @ Ft Meade where they have been using our (NSC) network security approach
since 1977."

To summarize what has happened on this thread:

NSC claims to have: an application level gateway, having proxies for
   Telnet, FTP, SMTP, NNTP, & Gopher.  Also that the box does packet filtering,
   and encryption capabilities that would allow for VPN development.

My claim is that NSC is a filtering device, in contrast to an application level
gateway, and that an NSC box alone is very weak security when using it for 
internet security.  Here's my 

Theory:
1) You have access control lists to allow no inbound traffic whatsoever.
2) You do however allow incoming mail.  All packets for port 25 can potentially
   be routed to a single box.
3) This single box is the weakest link.  If I can break into it, I have 
   subverted the firewall.

Application:
1) You have the above scenario.
2) You have something like stock sunos4.1.3_u1 running on the mail hub
3) I send you an exploit that your mailer compiles.
4) Upon compilation the mailhost executes my program and starts an outgoing 
   connection.
5) Upon completion of the connection the client-server role is reversed.  The
   mailhost forks a shell.  The attacker's machine now has a shell account on the
   mailhost.


If I am missing something here in my logic, I would be very eager to hear
comments. 

P.S. Again, the above scenario is not a vulnerability of the NSC boxes.  It is a 
vulnerability in IPv4.  There is Identification & NO AUTHENTICATION of hosts.


Jeromie Jackson
Garrison Technologies
jeromie @ garrison . com
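
The scenario in the message above depends on which connection attempts the filter passes for the mail hub in each direction. As an added example (not part of the original post and not an NSC configuration), this Python model evaluates first-match rules on connection attempts only; the addresses, the outbound-permit rule and the egress-limited variant are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed values (documentation address ranges), not from any real site.
MAILHUB = "192.0.2.25"
INSIDE = "192.0.2.0/24"
ANY = "0.0.0.0/0"

# Rule: (action, source net, destination net, destination port or None = any)
POLICY_AS_DESCRIBED = [
    ("permit", ANY, MAILHUB + "/32", 25),   # incoming mail to the single box
    ("permit", INSIDE, ANY, None),          # assumed: inside hosts may open anything
    ("deny", ANY, ANY, None),               # no other inbound traffic
]
POLICY_EGRESS_LIMITED = [
    ("permit", ANY, MAILHUB + "/32", 25),
    ("permit", MAILHUB + "/32", ANY, 25),   # mail hub may relay SMTP out
    ("permit", MAILHUB + "/32", ANY, 53),   # and resolve names
    ("deny", MAILHUB + "/32", ANY, None),   # nothing else leaves the mail hub
    ("permit", INSIDE, ANY, None),
    ("deny", ANY, ANY, None),
]

# Constructed connection attempts: (source, destination, destination port)
FLOWS = {
    "inbound SMTP to mail hub": ("198.51.100.7", MAILHUB, 25),
    "inbound telnet to mail hub": ("198.51.100.7", MAILHUB, 23),
    "mail hub opens non-mail outbound": (MAILHUB, "198.51.100.7", 40000),
    "mail hub relays mail out": (MAILHUB, "203.0.113.9", 25),
}

def decide(policy, src, dst, dport):
    """Return the action of the first rule matching a connection attempt."""
    for action, src_net, dst_net, port in policy:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port in (None, dport)):
            return action
    return "deny"  # implicit default when no rule matches

def evaluate(policy):
    """Map each sample flow name to the filter's decision under `policy`."""
    return {name: decide(policy, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, policy in (("as described", POLICY_AS_DESCRIBED),
                          ("egress limited", POLICY_EGRESS_LIMITED)):
        for name, action in evaluate(policy).items():
            print(f"{label:15} {name:34} {action}")
```

Limiting egress narrows what a compromised mail hub can reach through the filter; it does not harden the mailer running on that host.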
