UTM that inspects VPN traffic for viruses? - Firewalls


Thread: UTM that inspects VPN traffic for viruses?

  1. UTM that inspects VPN traffic for viruses?


    I have vendors that need remote access to my server. They have been
    using RAS. Although the server had virus protection, we got hit with
    something that disabled our file shares and caused a day of downtime.
    I want to scan all traffic between our network and the Internet for
    viruses, which means scanning VPN traffic as well as web browsing and
    downloads. Is this possible? This is a 10 user environment, any
    recommendations?

    thanks

  2. Re: UTM that inspects VPN traffic for viruses?

    1crazyrican@gmail.com wrote, On 21/01/08 15:31:
    > I have vendors that need remote access to my server. They have been
    > using RAS. Although the server had virus protection, we got hit with
    > something that disabled our file shares and caused a day of downtime.
    > I want to scan all traffic between our network and the Internet for
    > viruses, which means scanning VPN traffic as well as web browsing and
    > downloads. Is this possible? This is a 10 user environment, any
    > recommendations?


    It is certainly possible, you just need to do it once the traffic has
    popped out of the tunnel and is in the clear. I would also say that you
    need a firewall that limits what your vendor can access to the specific
    machines and ports that the vendor needs access to, that way even if
    they do have a virus there are limits on the mechanisms it could use to
    spread to your network. If your vendor can place files on your systems
    you might want an on-access virus scanner on all systems that the vendor
    can access even if you would not bother otherwise. Finally, you might
    want to limit the times your vendor can access your systems to being
    only when they really need to (i.e. you have phoned them up and asked
    them to investigate something).

    I'm actually in the position of being employed by a vendor and needing
    remote access to customer systems, and some of the restrictions can be
    annoying, but if I was the customer I would want to lock down tight what
    the vendor can do.
    --
    Flash Gordon

  3. Re: UTM that inspects VPN traffic for viruses?

    On Jan 21, 4:12 pm, Flash Gordon wrote:
    > 1crazyri...@gmail.com wrote, On 21/01/08 15:31:
    >
    > > I have vendors that need remote access to my server. They have been
    > > using RAS. Although the server had virus protection, we got hit with
    > > something that disabled our file shares and caused a day of downtime.
    > > I want to scan all traffic between our network and the Internet for
    > > viruses, which means scanning VPN traffic as well as web browsing and
    > > downloads. Is this possible? This is a 10 user environment, any
    > > recommendations?

    >
    > It is certainly possible, you just need to do it once the traffic has
    > popped out of the tunnel and is in the clear. I would also say that you
    > need a firewall that limits what your vendor can access to the specific
    > machines and ports that the vendor needs access to, that way even if
    > they do have a virus there are limits on the mechanisms it could use to
    > spread to your network. If your vendor can place files on your systems
    > you might want an on-access virus scanner on all systems that the vendor
    > can access even if you would not bother otherwise. Finally, you might
    > want to limit the times your vendor can access your systems to being
    > only when they really need to (i.e. you have phoned them up and asked
    > them to investigate something).
    >
    > I'm actually in the position of being employed by a vendor and needing
    > remote access to customer systems, and some of the restrictions can be
    > annoying, but if I was the customer I would want to lock down tight what
    > the vendor can do.
    > --
    > Flash Gordon


    Thanks, the information was helpful. So you're saying there aren't any
    devices that can inspect VPN traffic that you know of?
    thanks again

  4. Re: UTM that inspects VPN traffic for viruses?

    1crazyrican@gmail.com wrote:


    > Thanks, the information was helpful. So you're saying there aren't any
    > devices that can inspect VPN traffic that you know of?


    If a device can decrypt (and scan) the traffic on the way between the 2
    encryption endpoints, a VPN is no longer what its name implies - *private*
    - and security for the traffic no longer exists.

    So content filtering (scanning) can only take place after decryption by one
    of the trusted VPN endpoints.

    Depending on the firewall model, traffic through VPN tunnels can be filtered
    by interface(s), source, destination, destination port, etc.

    If you want to do content filtering you'll need some sort of proxy/content
    filter behind the gateway or sometimes integrated into the gateway. UTM
    boxes usually offer proxies/content filters only for HTTP, FTP, SMTP, POP3
    and seldom if ever for the SMB stuff (Microsoft network services) or even
    RDP.

    Wolfgang
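
    The access restrictions the two replies above describe (a firewall that
    limits the vendor to specific hosts and ports, a time window opened only on
    request, and content scanning only for the protocols a UTM proxy can
    actually open) as an added example; this is not code from the thread or from
    any product named in it. The vendor address pool, the tunnel interface name
    and the rule set are assumptions chosen for illustration:

```python
"""Post-decryption access policy for vendor VPN traffic (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed (hypothetical) addressing: vendor VPN clients land in 10.99.0.0/24
# and their decrypted packets appear on the gateway's tunnel interface tun0.
VENDOR_POOL = ip_network("10.99.0.0/24")
TUNNEL_IFACE = "tun0"

# Ports a UTM proxy can open and scan once traffic is in the clear. SMB (445)
# and RDP (3389) are deliberately absent: they can pass the ACL but get no
# content scan, so host-based AV has to cover them.
SCANNABLE = {80: "http", 21: "ftp", 25: "smtp", 110: "pop3"}


@dataclass(frozen=True)
class Flow:
    iface: str        # interface the packet was seen on
    src: str
    dst: str
    dport: int
    when: datetime


@dataclass(frozen=True)
class Verdict:
    action: str               # "allow" or "deny"
    reason: str
    scan: bool = False        # hand the stream to a content scanner?
    proto: Optional[str] = None


class VendorPolicy:
    """Default-deny ACL plus a time window that is only open on request."""

    def __init__(self, rules):
        # rules: iterable of (src_network, dst_host, dport)
        self.rules = [(ip_network(s), ip_address(d), p) for s, d, p in rules]
        self.window_until: Optional[datetime] = None

    def open_window(self, now: datetime, hours: int = 4) -> None:
        """Open vendor access for a limited period, e.g. after phoning them."""
        self.window_until = now + timedelta(hours=hours)

    def close_window(self) -> None:
        self.window_until = None

    def decide(self, flow: Flow) -> Verdict:
        # Inner src/dst/port only exist after decryption, so anything not
        # seen on the tunnel interface cannot be matched and is refused.
        if flow.iface != TUNNEL_IFACE:
            return Verdict("deny", "not on tunnel interface; inner headers unavailable")
        src, dst = ip_address(flow.src), ip_address(flow.dst)
        if src not in VENDOR_POOL:
            return Verdict("deny", "source outside vendor pool")
        if self.window_until is None or flow.when > self.window_until:
            return Verdict("deny", "no open access window")
        for net, host, port in self.rules:
            if src in net and dst == host and flow.dport == port:
                proto = SCANNABLE.get(port)
                return Verdict("allow", f"{net} -> {host}:{port}", proto is not None, proto)
        return Verdict("deny", "no matching rule")


# Constructed sample policy and flows (not taken from the thread).
POLICY = VendorPolicy([
    ("10.99.0.0/24", "192.168.1.10", 3389),   # RDP to the application server
    ("10.99.0.0/24", "192.168.1.10", 80),     # its web console
])
T0 = datetime(2008, 1, 21, 15, 31)


def sample_decisions():
    """Open a two-hour window and run a handful of constructed flows through it."""
    POLICY.open_window(T0, hours=2)
    soon, late = T0 + timedelta(minutes=10), T0 + timedelta(hours=3)
    flows = {
        "rdp_in_window": Flow("tun0", "10.99.0.7", "192.168.1.10", 3389, soon),
        "http_in_window": Flow("tun0", "10.99.0.7", "192.168.1.10", 80, soon),
        "smb_to_fileserver": Flow("tun0", "10.99.0.7", "192.168.1.20", 445, soon),
        "rdp_after_window": Flow("tun0", "10.99.0.7", "192.168.1.10", 3389, late),
        "still_encrypted": Flow("eth0", "203.0.113.5", "198.51.100.2", 500, soon),
    }
    return {name: POLICY.decide(f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, v in sample_decisions().items():
        print(f"{name:18} {v.action:5} scan={str(v.scan):5} {v.reason}")
```

    The RDP session is allowed but flagged scan=False, which is the gap
    Wolfgang points at: the ACL can confine it, a UTM proxy cannot look inside
    it, so the on-access scanner on the server is what actually covers that
    path.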




  5. Re: UTM that inspects VPN traffic for viruses?

    On Jan 21, 7:31 pm, 1crazyri...@gmail.com wrote:
    > I have vendors that need remote access to my server. They have been
    > using RAS. Although the server had virus protection, we got hit with
    > something that disabled our file shares and caused a day of downtime.
    > I want to scan all traffic between our network and the Internet for
    > viruses, which means scanning VPN traffic as well as web browsing and
    > downloads. Is this possible? This is a 10 user environment, any
    > recommendations?
    >
    > thanks


    All you need to do is find a firewall which can act as a VPN
    accelerator...

  6. Re: UTM that inspects VPN traffic for viruses?

    Arjun wrote:


    > All you need to do is find a firewall which can act as a VPN
    > accelerator...


    Complete nonsense, why don't you keep quiet when you are clueless?

    Wolfgang

  7. Re: UTM that inspects VPN traffic for viruses?

    Scanning the content of a secure connection would be considered as a
    'man-in-the-middle' attack and would completely defeat the purpose.

    Scanning incoming content from the Internet is no problem. I use
    SafeSquid as content filtering proxy to control access to the net,
    which is integrated with ClamAV to do just that at the gateway, with
    satisfactory results. SafeSquid also has a built-in connectivity to
    other commercial AVs like Dr. Web, NOD32, Kaspersky, Sophos, Avast,
    Trend Micro, Symantec, etc.

    I don't know if this can be done, but this is just an idea, if it
    would be helpful.
    SafeSquid can also be deployed as a reverse proxy. You can granularly
    configure who is allowed to access what, when and how much. So, I
    think it should be possible to define IP based or authentication based
    rules for the vendors, and define what they are allowed to access?
    Again, all the content that you receive from the vendors, can also be
    scanned. Would that be a workable solution?
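
    Gateway scanning of content that is already in the clear, as Sean describes
    with a SafeSquid/ClamAV proxy, as an added example; it is not from the
    thread and not code from either product. A hypothetical signature list
    stands in for a real AV engine, and the sample HTTP responses are
    constructed. The point it adds is that the scanner has to undo the
    transfer's Content-Encoding before matching, or a gzip-compressed download
    carries the same bytes straight past the signature check:

```python
"""Content scan at the VPN/proxy endpoint, after decryption and decoding (added example)."""
import gzip
import re
import zlib

# Hypothetical signature list standing in for a real engine such as ClamAV.
SIGNATURES = {
    "Example.Marker.A": re.compile(rb"EXAMPLE-MALWARE-MARKER-[0-9]{4}"),
}


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (headers, body). Minimal: no chunked encoding."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body


def decode_body(headers, body: bytes) -> bytes:
    """Undo Content-Encoding so the scanner sees what the client would write to disk."""
    enc = headers.get("content-encoding", "identity").lower()
    if enc == "gzip":
        return gzip.decompress(body)
    if enc == "identity":
        return body
    raise ValueError(f"unsupported content-encoding {enc!r}")


def scan_bytes(data: bytes):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def inspect_response(raw: bytes):
    """Verdict for one response emerging from the endpoint: ('allow'|'block', detail)."""
    headers, body = parse_http_response(raw)
    try:
        clear = decode_body(headers, body)
    except (ValueError, OSError, EOFError, zlib.error) as err:
        return ("block", f"cannot decode body: {err}")   # fail closed: unscannable means blocked
    hit = scan_bytes(clear)
    if hit:
        return ("block", hit)
    return ("allow", f"{len(clear)} bytes scanned")


def build_response(body: bytes, gzipped: bool) -> bytes:
    """Construct a sample response (constructed test data, not a capture)."""
    extra = b""
    if gzipped:
        body = gzip.compress(body)
        extra = b"Content-Encoding: gzip\r\n"
    return (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n" + extra
            + b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed samples: a clean file, a flagged file, and the same flagged file gzipped.
PAYLOAD = b"A" * 64 + b"EXAMPLE-MALWARE-MARKER-0042" + b"A" * 64
SAMPLE_CLEAN = build_response(b"quarterly-report.pdf contents", False)
SAMPLE_HIT = build_response(PAYLOAD, False)
SAMPLE_GZ_HIT = build_response(PAYLOAD, True)


def naive_scan_misses_gzip() -> bool:
    """True when matching the still-compressed body finds nothing that the decoded body has."""
    headers, body = parse_http_response(SAMPLE_GZ_HIT)
    return scan_bytes(body) is None and scan_bytes(decode_body(headers, body)) is not None


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hit", SAMPLE_HIT), ("gzip hit", SAMPLE_GZ_HIT)):
        print(f"{label:9} -> {inspect_response(sample)}")
    print("naive scan of compressed bytes misses the marker:", naive_scan_misses_gzip())
```

    A scan over the raw compressed body finds nothing while the decoded copy
    matches, and an encoding the decoder does not understand is blocked rather
    than passed through, which is the fail-closed choice for a gateway whose
    only job on that path is inspection.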

  8. Re: UTM that inspects VPN traffic for viruses?

    On Jan 24, 12:19 am, Wolfgang Kueter wrote:
    > Arjun wrote:
    > > All you need to do is find a firewall which can act as a VPN
    > > accelerator...

    >
    > Complete nonsense, why don't you keep quiet when you are clueless?
    >
    > Wolfgang



    What's wrong with that? Confirm it yourself, buddy...

  9. Re: UTM that inspects VPN traffic for viruses?

    On Jan 24, 1:25 am, Sean wrote:
    > Scanning the content of a secure connection would be considered as a
    > 'man-in-the-middle' attack and would completely defeat the purpose.
    >
    > Scanning incoming content from the Internet is no problem. I use
    > SafeSquid as content filtering proxy to control access to the net,
    > which is integrated with ClamAV to do just that at the gateway, with
    > satisfactory results. SafeSquid also has a built-in connectivity to
    > other commercial AVs like Dr. Web, NOD32, Kaspersky, Sophos, Avast,
    > Trend Micro, Symantec, etc.
    >
    > I don't know if this can be done, but this is just an idea, if it
    > would be helpful.
    > SafeSquid can also be deployed as a reverse proxy. You can granularly
    > configure who is allowed to access what, when and how much. So, I
    > think it should be possible to define IP based or authentication based
    > rules for the vendors, and define what they are allowed to access?
    > Again, all the content that you receive from the vendors, can also be
    > scanned. Would that be a workable solution?


    I understand the concept of a VPN tunnel and how it is encrypted to
    protect the data, but if my firewall is the endpoint, and it is
    encrypting/decrypting data, doesn't that mean that it should be able
    to inspect the data for malware? I did a google and came up with the
    paragraph below. I am aware that the device is intended for managed
    service providers but the concept is the same and I would imagine it
    could be provided on a device for a small to medium business.
    thanks!

    "MSSP: Virus-Free managed VPN Service
    Taking advantage of Fortinet's integrated antivirus protection,
    managed service providers can deliver the industry's most secure VPN
    service by enabling Fortinet's advanced antivirus engine to block
    incoming and outgoing VPN traffic that contains viruses, worms,
    trojans, spyware and other malicious content to prevent virus
    outbreaks from spreading from office to office. As an added benefit,
    Fortinet's flexible VPN architecture allows for interoperability with
    most IPSec VPN gateways. Regardless of the VPN CPE the customer has in
    place, the FortiGate system deployed at the core will ensure virus-
    free VPN traffic."
    http://www.fortinet.com/solutions/vpn.html



  10. Re: UTM that inspects VPN traffic for viruses?

    On Jan 25, 11:35 pm, 1crazyri...@gmail.com wrote:
    > On Jan 24, 1:25 am, Sean wrote:
    >
    > > Scanning the content of a secure connection would be considered as a
    > > 'man-in-the-middle' attack and would completely defeat the purpose.

    >
    > > Scanning incoming content from the Internet is no problem. I use
    > > SafeSquid as content filtering proxy to control access to the net,
    > > which is integrated with ClamAV to do just that at the gateway, with
    > > satisfactory results. SafeSquid also has a built-in connectivity to
    > > other commercial AVs like Dr. Web, NOD32, Kaspersky, Sophos, Avast,
    > > Trend Micro, Symantec, etc.

    >
    > > I don't know if this can be done, but this is just an idea, if it
    > > would be helpful.
    > > SafeSquid can also be deployed as a reverse proxy. You can granularly
    > > configure who is allowed to access what, when and how much. So, I
    > > think it should be possible to define IP based or authentication based
    > > rules for the vendors, and define what they are allowed to access?
    > > Again, all the content that you receive from the vendors, can also be
    > > scanned. Would that be a workable solution?

    >
    > I understand the concept of a VPN tunnel and how it is encrypted to
    > protect the data, but if my firewall is the endpoint, and it is
    > encrypting/decrypting data, doesn't that mean that it should be able
    > to inspect the data for malware? I did a google and came up with the
    > paragraph below. I am aware that the device is intended for managed
    > service providers but the concept is the same and I would imagine it
    > could be provided on a device for a small to medium business.
    > thanks!
    >
    > "MSSP: Virus-Free managed VPN Service
    > Taking advantage of Fortinet's integrated antivirus protection,
    > managed service providers can deliver the industry's most secure VPN
    > service by enabling Fortinet's advanced antivirus engine to block
    > incoming and outgoing VPN traffic that contains viruses, worms,
    > trojans, spyware and other malicious content to prevent virus
    > outbreaks from spreading from office to office. As an added benefit,
    > Fortinet's flexible VPN architecture allows for interoperability with
    > most IPSec VPN gateways. Regardless of the VPN CPE the customer has in
    > place, the FortiGate system deployed at the core will ensure virus-
    > free VPN traffic." http://www.fortinet.com/solutions/vpn.html


    As I told you, if your firewall is going to act as the VPN gateway, the UTM
    solution could very well do that; instead, if your VPN gateway is inside
    the firewall, then the UTM will not be able to check the content (as it's
    encrypted). Hope you get it.

  11. Re: UTM that inspects VPN traffic for viruses?

    On Jan 26, 1:26 am, Arjun wrote:
    > On Jan 25, 11:35 pm, 1crazyri...@gmail.com wrote:
    >
    > > On Jan 24, 1:25*am, Sean wrote:

    >
    > > > Scanning the content of a secure connection would be considered as a
    > > > 'man-in-the-middle' attack and would completely defeat the purpose.

    >
    > > > Scanning incoming content from the Internet is no problem. I use
    > > > SafeSquid as content filtering proxy to control access to the net,
    > > > which is integrated with ClamAV to do just that at the gateway, with
    > > > satisfactory results. SafeSquid also has a built-in connectivity to
    > > > other commercial AVs like Dr. Web, NOD32, Kaspersky, Sophos, Avast,
    > > > Trend Micro, Symantec, etc.

    >
    > > > I don't know if this can be done, but this is just an idea, if it
    > > > would be helpful.
    > > > SafeSquid can also be deployed as a reverse proxy. You can granularly
    > > > configure who is allowed to access what, when and how much. So, I
    > > > think it should be possible to define IP based or authentication based
    > > > rules for the vendors, and define what they are allowed to access?
    > > > Again, all the content that you receive from the vendors, can also be
    > > > scanned. Would that be a workable solution?

    >
    > > I understand the concept of a VPN tunnel and how it is encrypted to
    > > protect the data, but if my firewall is the endpoint, and it is
    > > encrypting/decrypting data, doesn't that mean that it should be able
    > > to inspect the data for malware? I did a google and came up with the
    > > paragraph below. I am aware that the device is intended for managed
    > > service providers but the concept is the same and I would imagine it
    > > could be provided on a device for a small to medium business.
    > > thanks!

    >
    > > "MSSP: Virus-Free managed VPN Service
    > > Taking advantage of Fortinet's integrated antivirus protection,
    > > managed service providers can deliver the industry's most secure VPN
    > > service by enabling Fortinet's advanced antivirus engine to block
    > > incoming and outgoing VPN traffic that contains viruses, worms,
    > > trojans, spyware and other malicious content to prevent virus
    > > outbreaks from spreading from office to office. As an added benefit,
    > > Fortinet's flexible VPN architecture allows for interoperability with
    > > most IPSec VPN gateways. Regardless of the VPN CPE the customer has in
    > > place, the FortiGate system deployed at the core will ensure virus-
    > > free VPN traffic." http://www.fortinet.com/solutions/vpn.html

    >
    > As I told you, if your firewall is going to act as the VPN gateway, the UTM
    > solution could very well do that; instead, if your VPN gateway is inside
    > the firewall, then the UTM will not be able to check the content (as it's
    > encrypted). Hope you get it.


    Got it, and thanks.
