[ previous ] [ next ] [ threads ]
 
 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "Christiaens Joachim" <jchristi at oce dot be>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] windows built in "ident"...
 Date:  Tue, 30 Dec 2003 12:20:49 -0800
I realize that the soft firewall has more than network access to the
machine, but the linksys router can do a variety of things - block all
access if zone alarm is not active on the initiating computer and so on -
not sure where the functionality crosses over... I HAVE seen indentd
services for windows - maybe they could make the internal api calls
transparent to a remote device...

I thought perhaps that had already been done - if not, maybe indentd for
windows is an option?

My goal would be centralized management and control of that sort of access -
I want to allow web browsing, but not other programs which masquerade as a
web client to evade the firewall (viruses, trojans and so on).

So if it doesn't exist now, there may be the requirement of running an agent
on the client PC. The firewall would reject any outbound connections from a
PC NOT running the agent, and would only allow those that can be properly
identified and match a rule set if the agent is present...

Keeps people from jacking in and playing, also controls the impact of a
trojan which expects to be able to report to a remote server (back orfice
for example)

Would be a powerful extension I think... and as the indentd for windows
software is all freeware, it would allow appliance type firewalls to perform
the same functions as the windows software firewalls without the maintenance
hassle and huge expense.

thoughts?

m/

-----Original Message-----
From: Christiaens Joachim [mailto:jchristi at oce dot be]
Sent: Tuesday, December 30, 2003 1:29 AM
To: 'Mitch (WebCob)'
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] windows built in "ident"...


> -----Original Message-----
> From: Mitch (WebCob) [mailto:mitch at webcob dot com]
>
> Other firewalls support passing requests made by certain
> applications...
> zone alarm or black ice for example

These are soft-firewalls that have more then network-access to the client
machine, so they can determine by some api what executable can be linked to
what connection(-attempt)
Not shure what you mean by Linksys implementation here...?

> can detect a bogus HTTP request generated by a
> program OTHER THAN Internet Explorer (like by a virus or a
> messenger program
> trying to circumvent the firewall) and shut them down...

Or the executable is detected (local machine) OR the HTTP-request is somehow
different then one coming from iexplore/browser. If there is a protocol that
shows the app, it can be faked!

I think it can't be done in a firewall appliance...

Regards
Joachim


-----------------------------------------------
MISSION STATEMENT
-----------------------------------------------

effectively by offering innovative print and document management products
and services for professional environments.

-----------------------------------------------
DISCLAIMER
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be

-----------------------------------------------