"Jon E. Price" <jon @ nytimes . com> writes:
> Are there any known or theoretical insecurities or vulnerabilities or other
> shortcomings (e.g. performance) using socks or the fw-1 stateful inspection
> technologies?
>
> If I have an application that can work with either fw-1 stateful inspection
> OR a socks relay, what criteria can I use to choose?
Think risk-based. Stateful inspection and/or circuit level firewalling (socks)
uses either analysis of the network layer, or misdirection of the network
layer to achieve security. This allows you to manage a great deal
of the risks out there on the net. The issue that you need
to confront is what risks you wish to take/control. For
example, socks/SI/masq/NAT firewall technology can't handle
things like pulling ActiveX or Java from web pages; they can't
easily log (or permit/deny) what type of ftp transaction occurred -- did you
put/get, what filename? Nor can they perform email relay
prevention/spam filtering; again, that is best done at the application level
with an app proxy (smap or smtpd are examples thereof).

Personally, I think that SI/NAT/masq/etc. are good technologies
to use in constructing your firewall, but you would want to
add application level proxying to handle those certain situations
where SI/etc. just doesn't give you the power/flexibility
that is needed to properly do your risk management.
-- craig
-------------------------------------------------------------------------------
Craig I. Hagan "It's a small world, but I wouldn't want to back it up"
hagan(at)cih.com "True hackers don't die, their ttl expires"
"It takes a village to raise an idiot, but an idiot can raze a village"
Stop the spread of spam, use a sendmail condom!
http://www.cih.com/~hagan/smtpd-hacks
In Bandwidth we trust
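The ftp example in the reply above, worked through in code. This is an added illustration, not code from the original post or from any of the proxies it names (smap, smtpd): a minimal application-level check on the FTP control channel that sees the verb and the filename, which is exactly what a packet filter or stateful inspector watching port 21 does not decode. The session transcript, the `get`/`put` policy dictionary and all function names are constructed for this example.

```python
"""Added example (not from the original post): a minimal application-level
FTP control-channel policy check. An app proxy sits in the control stream
and can log and permit/deny per command and filename; a stateful
inspector only sees that a TCP connection to port 21 exists.

Assumptions (hypothetical): policy is a simple allow/deny per transfer
direction, and the session is a constructed list of client commands.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# FTP verbs that move file data, mapped to the direction the post asks about.
TRANSFER_VERBS = {
    "RETR": "get",   # client downloads a file
    "STOR": "put",   # client uploads a file
    "APPE": "put",   # client appends to a file (upload)
    "STOU": "put",   # client stores with a server-chosen unique name (upload)
}


@dataclass
class Decision:
    verb: str
    direction: Optional[str]   # "get", "put", or None for non-transfer verbs
    filename: Optional[str]
    allowed: bool


def parse_command(line: str) -> Optional[Tuple[str, str]]:
    """Split one control-channel line into (VERB, argument).
    FTP verbs are case-insensitive (RFC 959), so normalise to upper case.
    Blank lines yield None."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None
    verb, _, arg = line.partition(" ")
    return verb.upper(), arg.strip()


def check_command(line: str, policy: Dict[str, bool]) -> Optional[Decision]:
    """Apply the per-direction policy to one command.
    Non-transfer commands (USER, CWD, LIST, ...) are passed through;
    transfer commands are allowed only if policy[direction] is True."""
    parsed = parse_command(line)
    if parsed is None:
        return None
    verb, arg = parsed
    direction = TRANSFER_VERBS.get(verb)
    if direction is None:
        return Decision(verb, None, None, True)
    return Decision(verb, direction, arg or None, policy.get(direction, False))


def filter_session(commands: List[str], policy: Dict[str, bool]) -> List[Decision]:
    """Run a whole client command stream through the policy and return the
    per-command decisions. A real proxy would relay allowed lines to the
    server and answer denied ones itself; here we only produce the log."""
    decisions = []
    for line in commands:
        d = check_command(line, policy)
        if d is not None:
            decisions.append(d)
    return decisions


# Constructed sample of client-side commands (not captured traffic).
SAMPLE_SESSION = [
    "USER anonymous",
    "PASS guest@example.invalid",
    "CWD /pub",
    "RETR README.txt",
    "STOR payroll.xls",
    "retr notes.txt",
]

# Hypothetical policy: permit downloads, deny uploads.
GET_ONLY = {"get": True, "put": False}

if __name__ == "__main__":
    for d in filter_session(SAMPLE_SESSION, GET_ONLY):
        status = "PERMIT" if d.allowed else "DENY"
        if d.direction:
            print(f"{status} {d.verb} ({d.direction}) file={d.filename}")
        else:
            print(f"{status} {d.verb}")
```

The log lines this produces ("DENY STOR (put) file=payroll.xls") are the put/get-plus-filename record the reply says a stateful inspector cannot easily give you; the same structure applies to the SMTP relay case, where the proxy would inspect MAIL FROM / RCPT TO instead of FTP verbs.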