Diederik Schouten wrote:
>
> Bridging vs Routing firewalls...
>
> The main strength of a bridged firewall to me is the fact that it only exists virtually on the network.
> How to attack a firewall that you cannot address directly?
> Even when you are connected to the same network/switch you will not be able to find the firewall, unless you know what you are looking for.
>
> Implementation wise a bridging/routing firewall offers you a few advantages over a routed one.
I think this is another holy war, like Mac vs PC, Windows or Linux, Chocolate or Vanilla, etc... but anyways... Well. Agreed on what was said about transparent firewalls, when it comes to "It's easier to implement".

But, what about ARP spoofing/poisoning? What about "ARP discovering"? Due to the fact that a transparent firewall has to answer ARP requests on behalf of the equipment on the other side (that is, the firewall has to do some kind of ARP proxying), you can easily detect what's behind the firewall. Probably a properly configured one would stop such attacks at layer 2, but that can also reveal that there's some kind of device over there, so it is not an invisible device anymore.

On the other hand, some transparent firewall vendors market their devices as "unhackable". Well, saying that is revealing that they're not in the security arena (at least not at all). When you're in this business, you have to recognize that there's nothing perfect, and that you cannot be confident that you won't be hackable tomorrow. The fact that it was not hacked today doesn't mean that it won't be hacked 2 hours later...

Even if you cannot ping the device, that also doesn't mean that you cannot attack it. Is that box immune to Denial of Service attacks using flooding? Does that thing keep something in memory? What if I build lots of small packets faking addresses and send such packets through the net? How do the device and the internal resources of such a device behave? - Not sure it will handle everything if it doesn't have enough memory...

Now, if you're taking care of layer 2 stuff, you also should care about layer 7 stuff. The very basic definition of a firewall is that it should be a mechanism to stop attacks. Well, it cannot stop attacks if it cannot understand what's going on at the upper layers. Such devices usually are not aware if Nimda is going inside the network, or if Craig is trying to use John's account to log in to the Accounting server.
So, you still need more mechanisms to stop such attacks... IMHO, such devices try to position the idea that you can trust the box, and you're totally secure because you're using it. So you will be unhackable because you have a transparent firewall... If you're a trained sysadmin/secadmin you'll realize you need extra stuff, but if you're not, it can be a bit dangerous to eat that...

Best regards.

- Martín.

--
Martín H. Hoz-Salvador
EX-A-IEC, EX-A-FIME (UANL)
http://gama.fime.uanl.mx/~mhoz
"We are the consequence of the past, and the cause of our future."
"This world was not bequeathed to us by our parents; we have borrowed it from our children..."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
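The layer-2 concern raised above (a single device answering ARP on behalf of many hosts, or several MACs claiming the same IP during poisoning) is something a defender can watch for from the segment itself. The following is an added example, not code from the thread or from any vendor: it parses a constructed ARP-reply log (the "timestamp ip mac" format and every address are assumptions made for illustration) and flags MACs answering for more IPs than a threshold, and IPs contested by more than one MAC.

```python
# Added example (not part of the original mailing-list thread): a small
# layer-2 sanity check run over ARP observations captured on a segment.
# It reports (a) a single MAC answering for many IPs, which is what proxy-ARP
# or ARP-discovery behaviour looks like on the wire, and (b) one IP claimed
# by several MACs, a classic ARP-poisoning symptom.
# The log format and all addresses below are constructed for illustration.
from collections import defaultdict

# Constructed sample: one "timestamp sender_ip sender_mac" line per ARP
# reply seen on the wire (assumed format, not any real tool's output).
SAMPLE_ARP_REPLIES = """\
10:00:01 192.168.1.10 00:11:22:33:44:10
10:00:02 192.168.1.11 00:11:22:33:44:11
10:00:03 192.168.1.20 00:AA:BB:CC:DD:01
10:00:04 192.168.1.21 00:aa:bb:cc:dd:01
10:00:05 192.168.1.22 00:aa:bb:cc:dd:01
10:00:06 192.168.1.10 00:de:ad:be:ef:99
not a valid line
"""


def parse_arp_log(text):
    """Turn the log text into a list of (ip, mac) tuples.

    Malformed lines are skipped rather than aborting the run, and MACs are
    lower-cased so that case differences do not split one device in two.
    """
    pairs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _timestamp, ip, mac = parts
        pairs.append((ip, mac.lower()))
    return pairs


def find_arp_anomalies(pairs, max_ips_per_mac=2):
    """Return (proxying_macs, contested_ips).

    proxying_macs: mac -> sorted list of IPs, for MACs answering for more
                   than max_ips_per_mac distinct IPs.
    contested_ips: ip -> sorted list of MACs, for IPs claimed by more than
                   one MAC.
    The threshold is deliberately small; a legitimately multi-homed host or a
    router carrying virtual IPs should be put on an allow-list by the operator.
    """
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    for ip, mac in pairs:
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)

    proxying_macs = {
        mac: sorted(ips)
        for mac, ips in ips_by_mac.items()
        if len(ips) > max_ips_per_mac
    }
    contested_ips = {
        ip: sorted(macs)
        for ip, macs in macs_by_ip.items()
        if len(macs) > 1
    }
    return proxying_macs, contested_ips


if __name__ == "__main__":
    observed = parse_arp_log(SAMPLE_ARP_REPLIES)
    proxying, contested = find_arp_anomalies(observed)
    for mac, ips in proxying.items():
        print(f"MAC {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
    for ip, macs in contested.items():
        print(f"IP {ip} claimed by several MACs: {', '.join(macs)}")
```

On the constructed sample the check reports one MAC answering for three addresses and one IP that two different MACs have claimed. In practice the input would come from a passive ARP monitor on the segment, and the allow-list for known multi-homed devices matters more than the exact threshold.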
