Jon's Network

McAfee is releasing McAfee Firewall Enterprise Version 8. Our next-generation firewall is a true revolution in network security and administration. http://www.mcafee.com/OverhaulYourFirewall I wonder if this is just a reworked Sidewinder or something totally different.

[Read more →]

(Link: Fortinet) started out about 10 years ago as a small company making this new-fangled thing dubbed later by IDC a UTM device. They have been the market leader in the UTM market for a while now and offer appliances for every size network. They offer a variety of solutions beyond firewalls including endpoint security, antispam, database security, vulnerability management and web application security.

(Link: Fortinet)

[Read more →]

In October, Gartner released a research note on Next-Generation Firewalls. In the paper, Gartner states that an NGFW should at least: support bump-in-the-wire configuration act as a platform for network traffic inspection and network policy enforcement with the following minimum features: standard first-generation firewall capabilities: packet filtering, NAT, stateful inspection, VPN, etc. integrated IPS and [...]

[Read more →]

In November 2007 I predicted that Fortinet would add SSL inspection to their Fortigate appliances to catch up with Palo Alto Networks. I was wrong by 4 months. FortOS 4.0, with SSL inspection, was released today. It boasts: Application Control SSL Inspection Data Leakage Prevention (DLP) WAN Optimization The first three are to catch up [...]

[Read more →]

Astaro now blocks Ultrasurf with version 7.4. The need and difficulty of this task for schools are so great that Astaro issued a press release to announce the new feature. Apparently they are doing this using SSL inspection (outbound SSL proxy) as opposed to using application signatures. Outbound SSL proxies introduce a new range of [...]

[Read more →]

Fix-the-Firewall-PAN-ebook.pdf This ebook provides a brief introduction to the limitations of traditional port-blocking firewalls and explains how Palo Alto Networks resolves these problems. There is an in-depth product demo here. More discussion on the topic at What is a Firewall.

[Read more →]

Nir Zuk of Palo Alto Networks posted a video response to this online video argument about firewall innovation that I mentioned before. Via Nir Zuk responds | ThreatChaos

[Read more →]

Richard Stiennon hosted a round-table discussion about firewall innovation. Two main opinions were argued. Mike Murray argued that there hasn’t been any innovation for the past decade, that firewalls do stateful inspection to keep most of the garbage out and that is it. Adding functionality from other parts of the security market isn’t firewall innovation, [...]

[Read more →]

Organizations under pressure to keep students and employees from bypassing internet filters using client technologies, like UltraSurf are in a perpetual game of cat and mouse. A network admin I know used these steps to block it on his Sonicwall: Ultrasurf uses “140300000101″ for SSL ehlo messages. If you can block this signature with the [...]

[Read more →]

Whenever I learn about a new UTM device (or next generation firewall, secure network gateway, etc.), I’m amazed that there is yet another one. Some of these are well known, but others I’ve never seen in the wild. How many of these companies are making money right now? Here is a first stab at listing [...]

[Read more →]