Vulnerability Development mailing list archives
Re: Information on Raptor
From: jcrooks () CDNX CA (James Crooks)
Date: Tue, 22 Feb 2000 01:17:28 -0800
Malikai wrote:
below are the issues I have with this product. I have just recently taken the NetGuard and NetMaster courses with Axent for a client of mine. I had a few big issues personally, however I am not sure if they are really issues, or if I was miscommunicated to during the class.
I found that when I took the Raptor courses a few years ago, the instructors weren't from Raptor (3rd party contractors) and either didn't fully understand the Raptor designs or didn't agree with them. I did find that I got mis-information or incomplete information from the instructor in a number of instances.
I will start off with what I know are issues, and then continue with what I believe are. None of this is certain, except for the performance ones, which are common to all application gateways.

1. Performance

This is an application gateway, which is slower than (almost) any packet filtering system.
As an application gateway, Raptor can do more for you like checking protocol syntax (HTTP, SMTP, etc.) for valid traffic and denying access if an invalid protocol format is found. To be fast, packet filtering systems can't inspect upper layer protocols to any great extent, so they intrinsically provide less protection.
2. DNSD

Apparently this is a full function DNS server capable of handling all standard dns functionality. This also wants to be your primary dns server. (Your firewall is your dns server too?!) What about dns cache poisoning?
This is in place to support sites that want an "all in one" solution (includes "split" DNS for different views from either side). You can still provide DNS services on other boxes for external customers and still allow internal DNS requests to flow thru the firewall to the Internet.
3. VPN logging

I can't really believe this one and hope there is some form of workaround for it however, this is what I understood. This is the default configuration. There is no logging of VPN/tunneled traffic. This means there is no way to audit any vpn traffic, or store logs of anything going through the vpn layer of the proxy. Blindfolded?
In Raptor 6.5 VPN/Tunnelled traffic is handled by the GSP (Generalized Service Passer) with full logging support.
A summary of what I understand is fairly simple here. Application gateways (when not single application gateways, like http proxies), are very complex, slow, and fail to keep it simple. This is a firewall we are talking about here, and why should internal (or even worse, external) clients be talking directly to the firewall? I don't mind tools like the MimeSweeper, or any specific function proxies. However, when we shove it all into one box, we just slowed down and decreased by a magnitude the security of the gateway.
Application proxies aren't for everyone:

* Application proxy performance has a significant overhead per connection (you've got to do twice the number of TCP connections just for starters, and then you get to the proxy verification, etc.) as well as the overall internal/external application response time profile - if you want or need super-fast then stay away from proxy (but you also lose some application level security protection).

* I don't think you can argue that a proxy external to the firewall is any more or less efficient than an internal one (you've got the extra connection to make anyway and an external box means another platform and OS to support, not to mention another vendor...)

* Offering services (including proxy) directly from the firewall is a philosophical issue and could easily take on the aspects of a religious war (just like UNIX/Linux vs NT!).

* I'm not sure that you can categorically say that internal proxies decrease the security of the gateway (I can spin some "interesting" port 80 DOS and other attacks straight thru a stateful inspection box that my proxy box stops cold).

/jc
-Malikai

On Sun, 20 Feb 2000, Martin M Samson wrote:

Good day to all, This is my first posting to this list. We own a Raptor Firewall for NT Integrated Enterprise Network. The version is 6.0. We've been told (by consultants) that this type of firewall has many flaws. Where could we find a complete list of points to investigate on the vulnerability of our firewall? Positive/negative feedback on the product is also welcome... We will need to buy a second firewall to reorganize our security this year, what is (in your opinion) the best machine? Please reply to : Martin.Samson () visa desjardins com

Thanks!
Mart!
---------
Have a nice day!
Thought of the week: On the surface, life has no meaning, and yet it is impossible that there is none! (Albert Einstein)
*****************
Martin M Samson
Consultant, Project Management.
514-994-2243
http://pages.infinit.net/cci
--
James Crooks BScCS I.S.P. CISSP, Technical Consultant-Technology
Canadian Venture Exchange
604-643-6568 FAX 604-643-6563
mailto:jcrooks () cdnx ca
http://www.cdnx.ca
ftp://ftp.cdnx.ca
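The difference James draws between an application gateway that checks protocol syntax and a packet filter that only sees ports is easiest to see in code. The following is an added illustration, not code from the thread or from the Raptor product: a minimal HTTP request-head validator of the kind a proxy applies before relaying a connection, next to the port-only decision a packet filter makes. The function names, the permitted-method set, the 8 KB header limit and the sample requests are all constructed for this example.

```python
import re

# Header field names must be RFC 7230 "token" characters.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
_VERSION = re.compile(r"^HTTP/1\.[01]$")
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
MAX_HEADER_BYTES = 8192  # assumed policy limit for this example


def packet_filter_decision(dst_port: int, payload: bytes, allowed_ports=(80,)) -> bool:
    """What a port-based filter sees: the destination port, never the payload."""
    return dst_port in allowed_ports


def inspect_http_request(raw: bytes):
    """Return (allowed, reason) for one client-to-server HTTP message head.

    Mirrors what an application gateway does before relaying: the bytes must
    parse as well-formed HTTP, not merely be addressed to port 80.
    """
    if len(raw) > MAX_HEADER_BYTES:
        return False, "header block too large"
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "header block not terminated by CRLF CRLF"
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in header block"
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return False, "request line must be METHOD SP target SP version"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method not permitted: {method}"
    if not _VERSION.match(version):
        return False, f"unsupported protocol version: {version}"
    if not (target.startswith("/") or target.startswith("http://")):
        return False, "request target must be origin-form or an absolute URL"
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False, "control characters in request target"
    content_length = None
    saw_host = False
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not _TOKEN.match(name):
            return False, f"malformed header line: {line!r}"
        value = value.strip()
        if any(ord(c) < 0x20 and c != "\t" for c in value):
            return False, f"control characters in header {name}"
        lname = name.lower()
        if lname == "host":
            saw_host = True
        if lname == "content-length":
            if not value.isdigit():
                return False, "Content-Length is not a decimal integer"
            if content_length is not None and int(value) != content_length:
                return False, "conflicting Content-Length values"
            content_length = int(value)
    if version == "HTTP/1.1" and not saw_host:
        return False, "HTTP/1.1 request without Host header"
    return True, "ok"


# Constructed sample traffic, all of it addressed to TCP port 80.
SAMPLES = {
    "valid": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "bad_version": b"GET / HTTP/9.9\r\nHost: x\r\n\r\n",
    "not_http": b"\x00\x01binary junk on port 80\r\n\r\n",
    "bad_length": b"POST /a HTTP/1.1\r\nHost: x\r\nContent-Length: 12abc\r\n\r\n",
    "no_host": b"GET / HTTP/1.1\r\n\r\n",
}


def run_samples():
    """Map each sample to (packet filter verdict, application gateway verdict)."""
    return {
        name: (packet_filter_decision(80, raw), inspect_http_request(raw)[0])
        for name, raw in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (pf, ag) in run_samples().items():
        print(f"{name:12s} packet-filter={pf!s:5s} app-gateway={ag!s:5s} "
              f"({inspect_http_request(SAMPLES[name])[1]})")
```

Every sample passes the port filter because it only looks at the destination port; the gateway relays only the one that is syntactically valid HTTP. The extra work (parsing, two TCP connections per client request once the proxy relays it) is exactly the per-connection overhead the thread attributes to application proxies.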