'Re: Firewalls- Deep Packet Inspection (L7)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: Firewalls- Deep Packet Inspection (L7)
From:       Soumen Paul <soumenpaul1977 () googlemail ! com>
Date:       2011-04-05 18:16:39
Message-ID: E46E0261-8226-43A7-8A7A-5E0F2EA2553F () googlemail ! com
[Download RAW message or body]

Juniper screen OS based FWs use two methods:
1: screening - it's pre defined within it's software code and configurable with \
limited option. This checks header but juniper claims it does payload to some extent. \
As you update software of firewall, this baseline gets updated otherwise this is \
pretty static 2. Deep inspection: signature based and inspect payload. The signature \
database is the same one which they use for IDS/IPS products

Checkpoint has more options 
1: smart defence - signature based and can look at header and payload.
2: web intelligence: can read pay load. Good for web farms and http services
3: CP also have pre defined protocol inspection which it inspects better than other \
vendors. Base.def file has these definition. A good example would be, if you use FTP \
pre defined service in rule base and if the FTP implementation has issue (non RFC \
implementation) CP will drop the packet. Either you turn off CP default FTP service \
or fix your FTP server. This is again not true DPI but beyond normal header checking

Juniper does this as well using ALG but not good like checkpoint

Cisco FW just have fix up in pix family and inspect in asa . Not good as the others. \
It's just protocol inspection. No payload and intelligent header Checking


Regards
Soumen



On 2 Apr 2011, at 02:52 AM, cybersecure4561@gmail.com wrote:

> I'm posting to the forum to ask the opinion of senior FW experts on which firewalls \
> truly perform DPI. I've done some research & it appears that their is no industry \
> standard that identifies what DPI is or does.  
> Those with FW experience on CP, Cisco, Juniper products, which are fw that do DPI \
> of the payload? I ask this question because Cisco IOS CBAC/Inspect or Zone Based \
> rules do use signatures but do not update packet signatures. Cisco relies on the \
> edition of IPS packet inspection (updates by SmartNet contract)to achieve the claim \
> of performing DPI. IPS/IDS do have their place in the infrastructure but they are \
> not FW's. Enterprise security people would not say forget the FW let's use an \
> IDS/IPS instead. 
> Do check point & Juniper also rely on an IPS as an integral part of DPI or is this \
> function & process carried out only by the FW. I know that CP has bundled an IPS \
> into their suite but their IPS is renowned for false positives. It's my humble \
> opinion that in the high end firewalls Check Point & Juniper really do DPI(L7). 
> Are their any independent organizations/labs that have tested vendor claims & \
> performance of firewalls that do DPI?  
> 
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL \
> certificate.  We look at how SSL works, how it benefits your company and how your \
> customers can tell if a site is secure. You will find out how to test, purchase, \
> install and use a thawte Digital Certificate on your Apache web server. Throughout, \
> best practices for set-up are highlighted to help you ensure efficient ongoing \
> management of your encryption keys and digital certificates. 
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------
> 

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL \
certificate.  We look at how SSL works, how it benefits your company and how your \
customers can tell if a site is secure. You will find out how to test, purchase, \
install and use a thawte Digital Certificate on your Apache web server. Throughout, \
best practices for set-up are highlighted to help you ensure efficient ongoing \
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic