Security Basics mailing list archives

RE: Distributed Firewall


From: "Jared Valentine" <hidden () xmission com>
Date: Thu, 24 Apr 2003 13:29:30 -0600

"one console to rule them all" can be a good thing.  It allows an admin to
react quickly to a virus/worm/trojan that is spreading on the network.

It could also be a bad thing if it were ever subverted.

The mimicking of the remote console isn't much of an issue, as long as you
can authenticate AND encrypt the command/control channels between the
console and the distributed firewalls.  That's what 3Com/Secure Computing's
Embedded Firewall does.  There are RSA pub/priv keypairs and 3DES session
keys used to authenticate and encrypt the traffic between the console and
the firewall cards.

If you can get the private key that the console uses, and the console
software, then you might be able to subvert the system.  That's why you
would take all possible measures to secure the console system.  That machine
needs firewall, AV, IDS, even physical security.

Jared Valentine
hidden () xmission com
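As an added illustration of the authenticate-and-encrypt console channel Jared describes above (example code written for this archive page, not the 3Com/Secure Computing product's own code), the following Go program models one command from a console to a firewall card: the command is encrypted under a 3DES session key, the resulting ciphertext is signed with the console's RSA private key, and the card verifies the signature against the console's public key before it decrypts or acts on anything. The message format, the RSA-PSS/SHA-256 signing choice and the out-of-band session key are all assumptions made for the example; the point it shows is that a message from anything other than the holder of the console's private key, or a message altered in transit, is rejected by the card.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Message is a constructed wire format for this example (not the product's).
type Message struct {
	IV         []byte // random CBC IV, one 3DES block (8 bytes)
	Ciphertext []byte // 3DES-CBC ciphertext of the PKCS#7-padded command
	Signature  []byte // RSA-PSS(SHA-256) over IV || Ciphertext
}

// pad applies PKCS#7 padding so the command fills whole 3DES blocks.
func pad(b []byte, blockSize int) []byte {
	n := blockSize - len(b)%blockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// unpad strips PKCS#7 padding, refusing malformed padding.
func unpad(b []byte, blockSize int) ([]byte, error) {
	if len(b) == 0 || len(b)%blockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > blockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// ConsoleSend encrypts a command under the shared 3DES session key and signs
// the IV and ciphertext with the console's RSA private key.
func ConsoleSend(consolePriv *rsa.PrivateKey, sessionKey []byte, command string) (*Message, error) {
	block, err := des.NewTripleDESCipher(sessionKey) // requires a 24-byte key
	if err != nil {
		return nil, err
	}
	iv := make([]byte, block.BlockSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	plain := pad([]byte(command), block.BlockSize())
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	digest := sha256.Sum256(append(append([]byte{}, iv...), ct...))
	sig, err := rsa.SignPSS(rand.Reader, consolePriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Message{IV: iv, Ciphertext: ct, Signature: sig}, nil
}

// CardReceive checks the signature against the trusted console public key
// before decrypting, so a forged or tampered message never reaches the
// rule engine. It returns the command text only when everything verifies.
func CardReceive(consolePub *rsa.PublicKey, sessionKey []byte, m *Message) (string, error) {
	digest := sha256.Sum256(append(append([]byte{}, m.IV...), m.Ciphertext...))
	if err := rsa.VerifyPSS(consolePub, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return "", fmt.Errorf("rejecting command: signature does not verify: %w", err)
	}
	block, err := des.NewTripleDESCipher(sessionKey)
	if err != nil {
		return "", err
	}
	if len(m.IV) != block.BlockSize() || len(m.Ciphertext)%block.BlockSize() != 0 {
		return "", errors.New("rejecting command: malformed IV or ciphertext length")
	}
	plain := make([]byte, len(m.Ciphertext))
	cipher.NewCBCDecrypter(block, m.IV).CryptBlocks(plain, m.Ciphertext)
	cmd, err := unpad(plain, block.BlockSize())
	if err != nil {
		return "", err
	}
	return string(cmd), nil
}

func main() {
	consoleKey, _ := rsa.GenerateKey(rand.Reader, 2048) // console's RSA key pair
	sessionKey := make([]byte, 24)                        // constructed 3DES session key
	rand.Read(sessionKey)

	msg, _ := ConsoleSend(consoleKey, sessionKey, "block tcp/445 inbound") // sample command
	fmt.Println(CardReceive(&consoleKey.PublicKey, sessionKey, msg))

	// A message signed with any key other than the console's is refused.
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := ConsoleSend(otherKey, sessionKey, "allow any")
	fmt.Println(CardReceive(&consoleKey.PublicKey, sessionKey, other))
}
```

The card keeps only the console's public key, so even a full copy of the card's own configuration does not let anyone issue commands; as Jared says, the asset that has to be guarded is the console's private key, and that is what justifies hardening the console host itself.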


-----Original Message-----
Sounds like a good idea but I see some flaws. Even with such a set up
there is always the vulnerability of the remote console and the
vulnerability of it being mimicked by a remote attack. Anything with a
central control has the inherent weakness of the power of that control
- which is one of the flaws that is trying to be avoided by a
distributed firewall. Just my 2c.

