 From:  sai <sonicsai at gmail dot com>
 To:  "Joe Lagreca" <joe at bignetonline dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall virus protection?
 Date:  Thu, 15 Nov 2007 12:28:39 +0500
The proxy is transparent to the user, though he does see strange
things like a big email that doesn't download for ages (the inspection
is taking ages) then he gets it all at really high speeds. To inspect
an email the firewall has to receive all the packets that make up the
email so that is why it needs a proxy built into it. It can't properly
inspect it at the packet level.

You are correct, inspecting encrypted traffic is a bit more difficult!

sai


On Nov 15, 2007 10:22 AM, Joe Lagreca <joe at bignetonline dot com> wrote:
> I'm not so concerned with the single point of failure.
>
> Users will now have to use a proxy to check their email?  If they
> don't configure the proxy, they aren't getting any virus protection
> from the firewall?
>
> I thought it did some sort of deep packet inspection, and just
> monitored all traffic that comes in and goes out.  However I was
> curious exactly how it does this, especially for encrypted traffic
> (not encrypted by the fortigate).  I thought it can monitor plain POP3
> traffic, but what if you are using a ssl cert with your POP3 server,
> then it probably wouldn't work.
>
> Or let's say users are connecting to gmail via ssl, the fortigate
> wouldn't be able to block file downloads.
>
> Joe
>
>
>
> On Nov 14, 2007 9:08 PM, sai <sonicsai at gmail dot com> wrote:
> > It has to have a proxy for each protocol. So if you are receiving
> > email the Fortigate would need a POP proxy, download the whole email,
> > inspect it and any attachments then send it on to the user.
> > It increases the complexity of the machine (so you might get bugs
> > bringing down your firewall), vastly increases the attack surface
> > (m0n0 is essentially invisible to the outside attacker in many cases)
> > and so reduces the security of the firewall. Sure you should inspect
> > traffic before it gets to the user, but it should be done on
> > another machine, in this case I would want the email to be inspected
> > by the mail server.
> >
> > Unfortunately this is what the future looks like because users like
> > having a machine that does everything.
> >
> > sai
> >
> >
> >
> > On Nov 15, 2007 9:52 AM, Joe Lagreca <joe at bignetonline dot com> wrote:
> > > A customer of mine recently replaced their m0n0wall with a Fortigate
> > > firewall because of two "benefits" of the fortigate.  First they liked
> > > the content filtering fortigate offered.  They also liked the firewall
> > > virus protection.
> > >
> > > I'm a little unclear on exactly how a firewall does virus protection?
> > > I'm sure it's not smart enough to inspect all packets.  Especially if
> > > they are encrypted point to point, like Skype file transfer.  Can
> > > anyone explain how firewall virus protection is better than what
> > > m0n0wall offers?
> > >
> > > Thanks.
> > >
> > > --
> > > Joe LaGreca
> > > Founder & Owner, BIGnet Online
> > > 619-393-1733 Office
> > > 619-318-3246 Cell
> > > www.BIGnetOnline.com
> > >
> >
> >
>
>
>
> --
>
> Joe LaGreca
> Founder & Owner, BIGnet Online
> 619-393-1733 Office
> 619-318-3246 Cell
> www.BIGnetOnline.com
>
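
The point made in this thread, that the firewall has to receive all the packets of an email before it can inspect it, shown as an added example that is not part of the original messages. The marker string, function names and 64-byte segment size are constructed for illustration; the marker stands in for an antivirus signature and is harmless.

```python
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed, harmless marker standing in for an AV signature (assumption).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"

def build_message() -> bytes:
    """Constructed sample e-mail whose attachment carries the marker.
    MIMEApplication base64-encodes the payload, as mail attachments usually are."""
    msg = MIMEMultipart()
    msg["Subject"] = "report"
    msg.attach(MIMEText("see attached"))
    msg.attach(MIMEApplication(b"header bytes " + SIGNATURE + b" trailer",
                               Name="report.bin"))
    return msg.as_bytes()

def segments(data: bytes, size: int = 64) -> list:
    """Split the byte stream into packet-sized pieces, as it would arrive."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def scan_per_packet(packets) -> bool:
    """Packet-level view: match each packet on its own, with no reassembly
    and no decoding of the transfer encoding."""
    return any(SIGNATURE in p for p in packets)

def scan_as_proxy(packets) -> bool:
    """Proxy view: buffer the whole message, parse the MIME structure,
    decode every part, and only then match."""
    msg = message_from_bytes(b"".join(packets))
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload and SIGNATURE in payload:
            return True
    return False

if __name__ == "__main__":
    pkts = segments(build_message())
    print("per-packet match:", scan_per_packet(pkts))  # misses the attachment
    print("proxy match:     ", scan_as_proxy(pkts))    # finds it after decoding
```

Buffering the full message before release is also what produces the delay followed by a fast download described in the reply above.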