Security Basics mailing list archives
Re: Deep Inspection Firewall / IPS
From: Adriel Desautels <adriel () netragard com>
Date: Wed, 29 Oct 2008 11:04:16 -0400
Tony,

ModSecurity reverse proxy or Bluecoat.

On Oct 29, 2008, at 9:15 AM, Tony Raboza wrote:

Hi,

I'm trying to get my company to buy a firewall with deep-inspection capabilities or IPS. From my research what is really needed is a deep inspection firewall/IPS - because a stateful packet inspection will not do. For example for a web server - you close off all the ports except port 80/443 (http/https). But threats/malware can come in through port 80 disguising itself as normal http traffic, so we need a firewall which would inspect this - hence the need for deep packet inspection/IPS.

But what if we also do NAT? Can malware still come in through port 80?

I've been reading this - "Red Hat 8 Compromise" - http://honeyblog.org/junkyard/reports/redhat-compromise.pdf , but my thought on this one is that if the honeypot RH8 was NATted could the attacker have opened up a shell which might either be port 22 (ssh) or 23 (telnet)? What if only port 80/443 was port-forwarded? Can the attacker open up a shell?

Questions:

1. Am I correct in my statements above?
2. If I am correct - can you give me real-world examples of exploits that come in through port 80/port 443 which can compromise a Unix/Linux webserver as well as a Windows web server?

Thanks,
Tony
--
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

------------------------------------------------
Netragard, LLC - "The Specialist in Anti-Hacking"

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
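What the "ModSecurity reverse proxy" suggestion in the reply looks like as an Apache httpd configuration, added here as an illustration and not taken from the thread or from either poster. The hostname, backend address, log path and rule ids are placeholders, and the three rules are minimal examples of HTTP-layer inspection, not a complete rule set.

```apache
# Added example. Assumes Apache httpd with mod_proxy, mod_proxy_http and
# mod_security2 loaded. Only this proxy is port-forwarded on 80; the real
# web server sits on an internal address and is never exposed directly.
<VirtualHost *:80>
    # Placeholder public name
    ServerName www.example.com

    # Reverse proxy only: never relay arbitrary requests as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    # Placeholder backend address (documentation range)
    ProxyPass        / http://192.0.2.10:8080/
    ProxyPassReverse / http://192.0.2.10:8080/

    <IfModule security2_module>
        # Use "DetectionOnly" first to log without blocking while tuning.
        SecRuleEngine On
        # Inspect POST bodies too, not just the URL and headers.
        SecRequestBodyAccess On
        SecRequestBodyLimit 1048576

        # Record only transactions that triggered a rule. Placeholder path.
        SecAuditEngine RelevantOnly
        SecAuditLog /var/log/apache2/modsec_audit.log

        # A packet filter or NAT device sees all of the following as
        # ordinary TCP to port 80; these checks look at the HTTP request.

        # Allow only the methods the site actually uses.
        SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD|POST)$" \
            "id:100001,phase:1,deny,status:405,log,msg:'HTTP method not allowed'"

        # Reject malformed percent-encoding in the request URI.
        SecRule REQUEST_URI "@validateUrlEncoding" \
            "id:100002,phase:1,deny,status:400,log,msg:'Invalid URL encoding'"

        # Reject directory traversal sequences after URL decoding.
        SecRule REQUEST_URI|ARGS "@contains ../" \
            "id:100003,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'Directory traversal sequence'"
    </IfModule>
</VirtualHost>
```

For port 443 the same rules apply only if TLS is terminated on this proxy, since ModSecurity can inspect a request only after it has been decrypted.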