I realize that the soft firewall has more than network access to the machine, but the Linksys router can do a variety of things - block all access if Zone Alarm is not active on the initiating computer and so on - not sure where the functionality crosses over...

I HAVE seen identd services for Windows - maybe they could make the internal API calls transparent to a remote device... I thought perhaps that had already been done - if not, maybe identd for Windows is an option?

My goal would be centralized management and control of that sort of access - I want to allow web browsing, but not other programs which masquerade as a web client to evade the firewall (viruses, trojans and so on).

So if it doesn't exist now, there may be the requirement of running an agent on the client PC. The firewall would reject any outbound connections from a PC NOT running the agent, and would only allow those that can be properly identified and match a rule set if the agent is present...

Keeps people from jacking in and playing, also controls the impact of a trojan which expects to be able to report to a remote server (Back Orifice for example).

Would be a powerful extension I think... and as the identd for Windows software is all freeware, it would allow appliance-type firewalls to perform the same functions as the Windows software firewalls without the maintenance hassle and huge expense.

thoughts?

m/

-----Original Message-----
From: Christiaens Joachim [mailto:jchristi at oce dot be]
Sent: Tuesday, December 30, 2003 1:29 AM
To: 'Mitch (WebCob)'
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] windows built in "ident"...

> -----Original Message-----
> From: Mitch (WebCob) [mailto:mitch at webcob dot com]
>
> Other firewalls support passing requests made by certain
> applications...
> zone alarm or black ice for example

These are soft-firewalls that have more than network-access to the client machine, so they can determine by some API what executable can be linked to what connection(-attempt).

Not sure what you mean by Linksys implementation here...?

> can detect a bogus HTTP request generated by a
> program OTHER THAN Internet Explorer (like by a virus or a
> messenger program
> trying to circumvent the firewall) and shut them down...

Or the executable is detected (local machine) OR the HTTP-request is somehow different than one coming from iexplore/browser. If there is a protocol that shows the app, it can be faked!

I think it can't be done in a firewall appliance...

Regards
Joachim