Q&A with an Engineer in the Field
A Monthly Section Featuring Hi-Link Senior Engineer Phil Chen

Question: I am working in a school environment where P2P file sharing traffic is a constant problem for us. For our wireless network, we are only allowing port 80 and port 443 Web traffic, but P2P traffic is disguising itself as part of the web traffic and going through with little problem. What are my options?

Answer: We are seeing an increasing number of applications with the capability to tunnel their traffic over typically allowed ports such as those in your network. These applications include but are not limited to P2P and VPN programs. You have to treat them as two different problems.

Port 80 is common, clear text web traffic. You can use a proxy server, a firewall capable of application layer inspection (Cisco PIX firewall, Checkpoint Firewall, etc.), or even an IDS (Intrusion Detection System) to enforce strict HTTP RFC compliance. In other words, only HTTP traffic is allowed through port 80 and all other disguised traffic is dropped.

Port 443 traffic is a different beast. It is encrypted traffic to start with. Most equipment cannot inspect the contents of such traffic. You have to decrypt the traffic and inspect the content to make the decision of dropping or allowing the traffic. There are still many hurdles in this approach. Many schools simply resort to limiting the bandwidth that can be used by port 443 applications to limit the effect of port 443 abuses.
* Phil Chen has been a Senior Engineer with Hi-Link for over ten years. He is a graduate of Polytechnic University with a BS in Electrical Engineering. A few of his industry certifications include: CCNP, CCSP, INFOXEC, CCSS, CCNA, CCDA, MCSE, and CCA. If you have a question for Phil, please e-mail info@hi-link.com. Your question may appear in next month's issue.

www.hi-link.com
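A minimal sketch of the strict HTTP compliance check described in the answer for port 80, added here as an illustration and not part of the original column or any vendor's product. The allowed-method list, the 8 KB head limit, the function name and the sample byte strings are all assumptions made for the example; it covers clear-text port 80 only.

```python
import re

# Methods this site lets through; an assumed policy, not taken from the column.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}
# request-line = method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]")
# header field = token ":" optional whitespace, then the value
HEADER_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[\t\x20-\x7e\x80-\xff]*")
MAX_HEAD = 8192  # never buffer an unbounded request head


def check_http_request(data: bytes):
    """Return (allowed, reason) for the first bytes a client sends to port 80."""
    head, sep, _ = data[:MAX_HEAD].partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return False, "malformed request line"
    if m.group(1) not in ALLOWED_METHODS:
        return False, "method not allowed"
    if not sep:
        return False, "header block incomplete or too large"
    names = set()
    for line in lines[1:]:
        if not HEADER_LINE.fullmatch(line):
            return False, "malformed header field"
        names.add(line.split(b":", 1)[0].lower())
    # An HTTP/1.1 request must carry a Host header.
    if lines[0].endswith(b"HTTP/1.1") and b"host" not in names:
        return False, "HTTP/1.1 request without Host"
    return True, "ok"


# Constructed sample streams, not captured traffic.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n",
    "bittorrent": b"\x13BitTorrent protocol" + bytes(8) + b"A" * 40,
    "tls_on_80": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + bytes(32),
    "connect": b"CONNECT host.example:6881 HTTP/1.1\r\nHost: host.example\r\n\r\n",
    "no_host": b"GET / HTTP/1.1\r\nAccept: */*\r\n\r\n",
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(f"{name:10} {check_http_request(stream)}")
```
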
New from RSA Security: the RSA SecurID SID800 token
The new RSA SecurID SID800 tokens expand the flexibility and choice for customers worldwide. The USB-enabled two-factor authentication token enables customers to manage a broad range of authentication credentials, including one-time passwords, digital certificates and static passwords.

This token increases flexibility by enabling people to leverage the security benefits of two-factor authentication in either a connected or disconnected environment. In addition, the RSA SecurID SID800 token comes with an integrated smart chip, which delivers the functionality and versatility of a smart card in a convenient and easy-to-carry format.

This token's 64-K smart chip is capable of storing up to seven digital certificates and three sets of password credentials, which can be used to log on to a Microsoft Windows operating system. The USB connector is able to read one-time passwords directly from the authenticator, eliminating the need to manually enter one-time password data.

http://www.rsasecurity.com//products/securid/datasheets/SID800_DS_0205.pdf
Barracuda Networks Spam Firewall 400 Product Assessment
Barracuda Spam Firewall 400, an aggressively priced, user-friendly appliance.

"Anti-spamming Functionality

Barracuda Spam Firewall uses ten different anti-spam filtering technologies to guard against e-mail threats including spam, malicious content such as viruses, and abuses of corporate policies such as large attachments. The technology examines the source of the e-mail and the message content in a pattern matching and heuristic approach. Methods include Bayesian filtering, updated URL filters, and attachment signatures to monitor embedded content. Barracuda Networks provides customers with content security through the outbound e-mail stream which is now integrated into a single appliance.

In April 2005, Barracuda Networks announced availability of an upgrade for its entire Barracuda Spam Firewall product line to Apache SpamAssassin 3.0.2. SpamAssassin is one of ten defense layers included in the Barracuda Spam Firewall's powerful approach to spam and virus filtering. This latest SpamAssassin version includes a more modular architecture enabling Barracuda Networks to respond even faster to the latest techniques used by spammers.

Barracuda Spam Firewall currently does not offer a reputation service, which is offered by some competitors. However, Barracuda Networks has integrated SPF and Microsoft Sender ID Framework in the Barracuda Spam Firewall, which are prerequisites to reputation services.

Also in April 2005, like many of its competitors, Barracuda launched a separate appliance to combat spyware, called the Barracuda Spyware Firewall, a comprehensive anti-spyware and Web filtering gateway appliance. The Barracuda Spyware Firewall combines preventative, reactive, and proactive measures to form a complete anti-spyware solution for businesses of all sizes. With spyware as the current scourge of the Internet, it can be expected that end-users will increasingly look for more powerful anti-spyware capabilities for the enterprise.

Management Features

Barracuda Spam Firewall has a mature Web-based management solution, so administrators can centrally manage all computers running the software from a Web browser. Barracuda Spam Firewall offers flexible management capabilities, supporting a large number of rules that administrators can make in order to customize mail policies for different groups in an organization, such as setting individual or global quarantine settings and allowing users to control score settings.

Barracuda Spam Firewall's statistical reporting tools include traffic reports and reports on top e-mail senders and top e-mail viruses. Barracuda has improved its reporting features in its recent release, increasing the number of summary reports e-mailed to the administrator and allowing user access to the messaging queues via the dashboard. However, Barracuda could still improve in the variety of ways the data is presented.

Barracuda Spam Firewall functionality includes global and per-user spam settings which, when enabled, allow end users to add senders to a whitelist.

Architecture

Barracuda Spam Firewall is an e-mail server protection appliance that is simple to use because there is no software to install and no e-mail system modifications are needed. This is a very attractive feature to customers who do not want to dedicate IT support to installing and maintaining the system.

Barracuda Spam Firewall performs with solid accuracy. The appliance claims a 95-97% effectiveness rate (i.e., blocking 95 to 97 out of every 100 incoming spam messages) and a 0.01% false positive rate. The largest model, Barracuda Spam Firewall 800, supports up to 30,000 active e-mail users. Barracuda Networks' largest customer has 10 million users.

The Barracuda Spam Firewall 400 is aggressively priced, compared to competitors, with no per-user licensing fees. The appliance blocks up to 10 million messages per day, supports 10,000 active users, is priced at $3,999, and offers content updates via an Energize Update subscription priced at $299 to $1,999 per year, depending on the model. Multiple units can be clustered for larger installations to support a large capacity of users and high availability.

Barracuda Spam Firewall 400 is scalable and supports clustering. In addition to handling over 10 million messages a day without bogging down an organization's e-mail servers because the appliance operates independently, larger customers can cluster multiple Barracuda appliances together and manage them as one, including remote clustering."

Reported by Current Analysis
http://www.currentanalysis.com/ccnet/PA_1821.aspx#
Symantec Network Security Appliance - Is it worth it?
An Independent Analysis of the Symantec Security Unit

The Tolly Group Report indicates the Symantec Security Appliance:

"Detects and blocks 100% of 500+ enterprise-class attacks, suspicious threats, and security risks in over 35 categories including worms, exploits, spyware, adware, P2P/Instant Messaging, stealth reconnaissance activity, protocol violations, and policy compliance"

This is a very comprehensive report and worthy of an in-depth read.

http://www.tolly.com/ts/2005/Symantec/7160/TollyTS205111SymantecCorpNetworkSecurity7160June2005.pdf