 From:  "Sergei Kostigoff (home)" <sergei at kostigoff dot net>
 To:  "Joe Lagreca" <joe at bignetonline dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall virus protection?
 Date:  Thu, 15 Nov 2007 08:51:09 +0300
Fully agreed with previous mail.

Just a few things for the customer:

1. Separation of the e-mail filtering is better than integration. E.g. with 
a proper installation of postfix you can decrease the amount of spam by 
80-90% without even receiving the whole e-mail, refusing mail at 
reception with a proper technical reply giving the reason for refusal, so if 
there is a problem with a real sender, the sender can fix the problem.
2. In case of deeper analysis there is a possibility of false positives, 
therefore business e-mail could be lost.
3. If they need a specific mail server, e.g. Lotus Notes or Exchange, or 
whatever, it is possible to put postfix in front as a pass-thru. 
Requirements for h/w in this case are minimal, the solution is cheap, and 
the admin's control of the process is easier. The overall solution is much 
more reliable.
4. If they need additional filtration, there are ready-to-use solutions for 
SpamAssassin and ClamAV integration with postfix. But the customer needs to 
understand the risk of false positives.
5. Bearing in mind (4) - who will take responsibility for non-delivery of 
the mail to the recipients? Who will handle the SPAM mail box? etc.
6. If they need to filter http - it's another separate story )) same for 
protected IM, VoIP, and so on and so forth.

These are my $.02

Regards,
Sergei

sai <sonicsai at gmail dot com> wrote on 15/11/2007 08:08:20:

> It has to have a proxy for each protocol. So if you are receiving
> email the Fortigate would need a POP proxy, download the whole email,
> inspect it and any attachments then send it onto the user.
> It increases the complexity of the machine (so you might get bugs
> bringing down your firewall), vastly increases the attack surface
> (m0n0 is essentially invisible to the outside attacker in many cases)
> and so reduces the security of the firewall. Sure you should inspect
> traffic before it gets to the user, but it should be done on
> another machine, in this case I would want the email to be inspected
> by the mail server.
> 
> Unfortunately this is what the future looks like because users like
> having a machine that does everything.
> 
> sai
> 
> 
> On Nov 15, 2007 9:52 AM, Joe Lagreca <joe at bignetonline dot com> wrote:
> > A customer of mine recently replaced their m0n0wall with a Fortigate
> > firewall because of two "benefits" of the fortigate.  First they liked
> > the content filtering fortigate offered.  They also liked the firewall
> > virus protection.
> >
> > I'm a little unclear on exactly how a firewall does virus protection?
> > I'm sure it's not smart enough to inspect all packets.  Especially if
> > they are encrypted point to point, like Skype file transfer.  Can
> > anyone explain how firewall virus protection is better than what
> > m0n0wall offers?
> >
> > Thanks.
> >
> > --
> > Joe LaGreca
> > Founder & Owner, BIGnet Online
> > 619-393-1733 Office
> > 619-318-3246 Cell
> > www.BIGnetOnline.com
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 
>
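
Points 1 and 3 of the reply above describe a Postfix gateway that refuses mail during the SMTP envelope stage and passes accepted mail through to an internal server. The following configuration is an added example, not part of the original mail; the host name, domain, IP address, recipient list and DNSBL zone are placeholders.

```conf
# ---- /etc/postfix/main.cf (relay-only gateway; names and addresses are placeholders) ----
myhostname = mx.example.com
# No local delivery on the gateway: it only relays.
mydestination =
local_recipient_maps =
mynetworks = 127.0.0.0/8

# Domains accepted for relaying and the valid mailboxes behind them.
# With relay_recipient_maps set, unknown recipients are refused at RCPT TO
# instead of being accepted and bounced later.
relay_domains = example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport

# Envelope checks run before DATA, so the body of a refused message is never
# received. Each refusal is an SMTP error reply carrying the reason text,
# which a legitimate sender sees in the bounce from their own server.
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unlisted_recipient,
    reject_rbl_client dnsbl.example.org

# ---- /etc/postfix/transport ----
# Hand accepted mail to the internal server (Exchange, Notes, ...).
# The square brackets suppress the MX lookup for the next hop.
example.com    smtp:[192.0.2.10]:25

# ---- /etc/postfix/relay_recipients ----
# One line per valid mailbox; the right-hand value is ignored.
alice@example.com    OK
bob@example.com      OK
```

After editing the two lookup tables, rebuild them with `postmap` and run `postfix check` before reloading.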