Page 1: The State of the Firewall Art ComNET DC 2002 David Strom david@strom.com 516 944 3407

The State of the Firewall Art

ComNET DC 2002

David Strom

[email protected]

516 944 3407

Page 2

Four categories

• Perimeter high-availability firewalls to protect the enterprise

• Colo firewalls for ASP/MSP applications

• SOHO firewalls for remote offices and home nets

• Desktop/software firewalls for extra protection

Page 3

Problems with high-availability firewalls

• Need to work in combination with load balancers, and deal with maintaining connection states in the case of a failover

• Gigabit throughputs for large networks can overwhelm them

• They still are vulnerable to attacks from within the corporate network (Nimda et al.)

Page 4

Soho firewalls

• “Frhubs” or residential gateways that combine hubs and routers in a small and inexpensive package

• Leading vendors include SonicWall and Watchguard

Page 5

Common Frhub features

• 4 to 8 Ethernet (switched, 10/100) ports

• Administered through a web browser

• Supports Network Address Translation

• Supports upstream DHCP client, DHCP server

• Rudimentary port control and sometimes packet inspection too

Page 6

Two types of desktop firewalls

• Centrally managed, such as Norton, Trend, and McAfee console products

• Not centrally managed, such as Norton Internet Security, Zone Alarm, and BlackICE

Page 7

Desktop advantages

• Block internally generated attacks

• All are better than nothing, but not as good as a hardware firewall, and should complement rather than replace them

Page 8

Firewalls-on-a-card

• Merilus

• Omnicluster

A good idea, if you have the expertise to configure them properly and don’t have the rack space to add separate firewall hardware.

Page 9

Online updates

• Watchguard and others have the ability to receive upgrades and updates via the Net. A Good Idea.

• Win XP has something similar. A Bad Idea.

Page 10

Ways around firewalls

• Uroam.com

• GoToMyPC.com

• Neoteris, other appliances

• Remote control software (PC Anywhere, Carbon Copy, etc.)

Page 11

Remote control loopholes

• Do you even know if they are running?

• Do port scans for common ports that are used:

– PC Anywhere: 5631-2

– Control IT: 799

– Carbon Copy: 1680

– VNC: 5900
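As an added example (not from the slides), a small Python audit that applies the port list above to firewall connection logs: it flags allowed inbound TCP connections to the remote-control ports named on the slide, so an administrator can find remote-control software that is running without anyone knowing. The log format and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict

# Ports listed on the slide for common remote-control products.
REMOTE_CONTROL_PORTS = {
    5631: "PC Anywhere",
    5632: "PC Anywhere",
    799: "Control IT",
    1680: "Carbon Copy",
    5900: "VNC",
}

# Constructed log format (an assumption, not a real product's format):
# <timestamp> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)


def find_remote_control(lines):
    """Return {dst_ip: {port: product}} for allowed TCP connections to a remote-control port."""
    hits = defaultdict(dict)
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m or m["action"] != "ALLOW" or m["proto"] != "TCP":
            continue  # malformed, blocked, or not TCP: no listener was reached
        port = int(m["dport"])
        if port in REMOTE_CONTROL_PORTS:
            hits[m["dst"]][port] = REMOTE_CONTROL_PORTS[port]
    return dict(hits)


# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    "2002-01-28T09:12:01 ALLOW TCP 203.0.113.7:40231 -> 192.0.2.15:5631",
    "2002-01-28T09:12:02 ALLOW TCP 203.0.113.7:40232 -> 192.0.2.15:5632",
    "2002-01-28T09:15:44 DENY TCP 203.0.113.9:51000 -> 192.0.2.20:5900",
    "2002-01-28T09:16:10 ALLOW TCP 198.51.100.4:33000 -> 192.0.2.22:5900",
    "2002-01-28T09:17:00 ALLOW TCP 198.51.100.4:33001 -> 192.0.2.22:80",
    "2002-01-28T09:18:00 ALLOW UDP 198.51.100.5:33002 -> 192.0.2.23:1680",
    "garbage line",
]

if __name__ == "__main__":
    for host, ports in find_remote_control(SAMPLE_LOG).items():
        for port, product in sorted(ports.items()):
            print(f"{host} accepts {product} on TCP/{port}")
```

Each host it reports is one to check against the list of machines that are supposed to be running remote-control software.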

Page 12

Wireless LAN loopholes

• Do you even know if they are running?

• NetStumbler.com: good resource

• Read this article too.

Page 13

Wireless VPN/firewall appliances

• BlueSocket

• ReefEdge

• Vernier Networks

• Mobility from Netmotion Wireless

Page 14

State of VPNs

• Software included in Soho firewalls like Sonic and Netgear

• Still too hard for the average consumer, and the average business computer user

• But wider support is inevitable

• VPN.net: A new way of establishing VPNs