Greetings!
Chuck Brown wrote:
> Ok, I'm gonna show my firewall ignorance here. I know what a packet filter
> does, and I know what a proxy server does, but I don't really comprehend the
> difference in an environment like this. We have customers coming in via NFuse
> to two Citrix boxes. Behind the citrix boxes are a SQL server, and an Exchange
> server. So, the only traffic my firewall would let in are Citrix packets and
> port 25 directly into the exchange server. I know this is an extraordinarily
> open question, but where will a proxy server protect me that a packet filter
> won't?
The packet filter type only checks on the IP header: source address and port to
destination address and port. So it will be no problem to tunnel arbitrary
applications through that port - or to run malformed data attacks to the server
behind the firewall.
Security proxy servers (e.g. from the cited Raptor firewall) should (but not always
do) check e.g. on existing reverse-lookups, well-formed mail address (address
length limit, only allowed characters, no bang-path routing etc.), complete
headers, etc. - being extremely strict on mail RFCs - which can of course create
problems with non-complying mail servers. Quite often they can do header-hiding or
anonymization as well as content (MIME type) filtering.
With this it is much harder to create a tunnel or to attack the mail server behind
the firewall.
boyaj'a'?
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
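
Added example, not part of the original message and not code from any firewall product: a sketch of the envelope-address checks named in the reply (length limit, allowed characters, no bang-path or source routing) next to the only decision a packet filter makes for the same traffic. The function names, the 192.0.2.25 server address, the character policy and the sample commands are assumptions constructed for illustration.

```python
import re

MAX_LOCAL, MAX_DOMAIN = 64, 255  # octet limits from RFC 5321 section 4.5.3.1
# Assumed strict policy: a narrower character set than the RFC permits.
LOCAL_OK = re.compile(r"[A-Za-z0-9._+=-]+")
DOMAIN_OK = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}")
ENVELOPE = re.compile(r"(MAIL FROM|RCPT TO):<([^<>\r\n]*)>", re.IGNORECASE)

def packet_filter_allows(dst_ip, dst_port, mail_server="192.0.2.25"):
    """A packet filter decides on addresses and ports; it never reads the payload."""
    return dst_ip == mail_server and dst_port == 25

def proxy_check(line):
    """Return (accepted, reason) for one SMTP envelope command line."""
    m = ENVELOPE.match(line)
    if not m:
        return False, "malformed envelope command"
    verb, addr = m.group(1).upper(), m.group(2)
    if addr == "":
        # The null reverse-path <> is legal only as a bounce sender.
        return (True, "null sender") if verb == "MAIL FROM" else (False, "empty recipient")
    if "!" in addr:
        return False, "bang-path routing"
    if addr.startswith("@") or "%" in addr:
        return False, "source routing"
    if addr.count("@") != 1:
        return False, "not exactly one @"
    local, domain = addr.split("@")
    if len(local) > MAX_LOCAL or len(domain) > MAX_DOMAIN:
        return False, "address length limit"
    if not LOCAL_OK.fullmatch(local):
        return False, "disallowed character"
    if not DOMAIN_OK.fullmatch(domain):
        return False, "malformed domain"
    return True, "ok"

# Constructed sample commands, all arriving on the one port the filter permits.
SAMPLES = [
    "MAIL FROM:<alice@example.com>",
    "MAIL FROM:<>",
    "RCPT TO:<host1!host2!bob@example.com>",
    "RCPT TO:<@relay.example.net:bob@example.com>",
    "RCPT TO:<" + "A" * 300 + "@example.com>",
    "RCPT TO:<bob;id@example.com>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(packet_filter_allows("192.0.2.25", 25), proxy_check(s), s[:48])
```

Every sample passes the packet-filter decision because it targets port 25 on the mail server; only the proxy check distinguishes the two acceptable envelopes from the four it rejects.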