Network World

Jamey Heary

My Security Christmas List

By jheary on Sun, 11/11/07 - 9:23pm.

Christmas ’07 is fast approaching and my kids already have their Christmas lists done. So, I thought I’d do a Christmas list of my own, with a twist. If I could get Santa’s elves to build me a shiny new piece of network security hardware, what would I want? Well, I’d ask for a reputation-based firewall, that’s what!

I’ve seen the ultimate power that reputation databases, like IronPort’s SenderBase, can add to email anti-spam products and URL web security products. So I made the not-so-giant leap that adding reputation to firewalls makes sense. So how would my new reputation-based firewall work, you ask? Well, check this out:

  • The firewall admin creates a rule that says: if a source IP address coming inbound from the Internet has a reputation of -10 to -5 (on a scale of -10 to +10), then drop it, no matter what.
  • Additional rules would be added, such as: if the source IP has a reputation of -4 to 0, then rate-limit the traffic, set a Quality of Service marking of best effort, and perform additional deep packet inspection on the traffic flows. A final rule for traffic with a reputation of +1 to +10 would direct the firewall to perform its normal stateful inspection checks. On the ASA, for example, this would mean that your current firewall rules, or ACLs, would then be run.
  • You could use your IPS sensors, AV, and HIPS programs running in your internal network to determine and alter the reputation scores of your internal hosts as well. These would then be fed back into the reputation database for your local environment, thus allowing you to use a reputation-based firewall internally.
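The three tiers above, plus the internal sensor feedback loop, as a small policy engine. This is an added example, not code from the post or from any Cisco product: the -10 to +10 scale and the tier boundaries follow the post exactly, while the default score for unknown hosts, the per-sensor score adjustments, the sample ACL and the documentation-range addresses are assumptions constructed for the example.

```python
# Added example: reputation-tiered firewall policy engine.
# Tiers and scale follow the post; sensor weights, the neutral default
# for unknown hosts, and the sample ACL are assumptions for illustration.
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional

MIN_SCORE, MAX_SCORE = -10, 10


class Action(Enum):
    DROP = "drop"                    # tier -10..-5: drop no matter what
    RATE_LIMIT = "rate-limit"        # tier -4..0: rate-limit, best effort, deep inspect
    STATEFUL = "stateful-inspect"    # tier +1..+10: normal stateful checks / ACLs


@dataclass
class Verdict:
    action: Action
    score: int
    qos: Optional[str] = None          # QoS marking applied to the flow
    deep_inspect: bool = False         # flow handed to additional inspection
    acl_result: Optional[str] = None   # existing ACL's decision (stateful tier only)


class ReputationDB:
    """In-memory stand-in for a reputation database such as SenderBase."""

    def __init__(self, scores: Optional[Dict[str, int]] = None, default: int = 0):
        self._scores = dict(scores or {})
        self._default = default   # assumption: unknown hosts start neutral (0)

    def score(self, ip: str) -> int:
        return self._scores.get(ip, self._default)

    def adjust(self, ip: str, delta: int) -> int:
        """Shift a host's score and clamp it to the -10..+10 scale."""
        new = max(MIN_SCORE, min(MAX_SCORE, self.score(ip) + delta))
        self._scores[ip] = new
        return new


def classify(score: int) -> Action:
    """Map a score to the post's three tiers. Written as thresholds so a
    fractional score between two tiers falls into the stricter one."""
    if score <= -5:
        return Action.DROP
    if score <= 0:
        return Action.RATE_LIMIT
    return Action.STATEFUL


def evaluate(db: ReputationDB, src_ip: str, dst_port: int,
             acl: Callable[[str, int], str]) -> Verdict:
    """Reputation check runs first; only the +1..+10 tier reaches the ACL."""
    score = db.score(src_ip)
    action = classify(score)
    if action is Action.DROP:
        return Verdict(action, score)
    if action is Action.RATE_LIMIT:
        return Verdict(action, score, qos="best-effort", deep_inspect=True)
    return Verdict(action, score, acl_result=acl(src_ip, dst_port))


# Assumed weights for the internal feedback loop (IPS / AV / HIPS -> local DB)
SENSOR_WEIGHTS = {
    "ips-alert": -3,
    "av-detection": -5,
    "hips-block": -2,
    "clean-scan": +1,
}


def apply_sensor_event(db: ReputationDB, host_ip: str, event: str) -> int:
    """Feed an internal sensor verdict back into the local reputation database."""
    if event not in SENSOR_WEIGHTS:
        raise ValueError(f"unknown sensor event: {event}")
    return db.adjust(host_ip, SENSOR_WEIGHTS[event])


def sample_acl(src_ip: str, dst_port: int) -> str:
    """Constructed stand-in for the existing firewall ACL: web ports only."""
    return "permit" if dst_port in (80, 443) else "deny"


# Constructed sample reputation data (RFC 5737 documentation addresses)
SAMPLE_SCORES = {
    "203.0.113.7": -8,    # known-bad source
    "198.51.100.9": -2,   # suspicious source
    "192.0.2.5": 6,       # good reputation
}


def demo() -> Dict[str, Verdict]:
    db = ReputationDB(SAMPLE_SCORES)
    results = {ip: evaluate(db, ip, 443, sample_acl) for ip in SAMPLE_SCORES}
    # Internal sensors fire on the good host: 6 -> 3 -> -2, into the rate-limit tier
    apply_sensor_event(db, "192.0.2.5", "ips-alert")
    apply_sensor_event(db, "192.0.2.5", "av-detection")
    results["192.0.2.5 (after sensor feedback)"] = evaluate(db, "192.0.2.5", 443, sample_acl)
    return results


if __name__ == "__main__":
    for name, v in demo().items():
        print(f"{name:38} score={v.score:+d} -> {v.action.value}"
              f"{' qos=' + v.qos if v.qos else ''}"
              f"{' acl=' + v.acl_result if v.acl_result else ''}")
```

The ordering matters: the reputation lookup sits in front of the existing ACLs rather than replacing them, so a known-bad source never consumes stateful-inspection resources, and a host that internal sensors flag slides down the scale into stricter handling without anyone rewriting an ACL.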

I think you get the point by now of how a reputation firewall could be used and why it would be so much more powerful and accurate than the firewalls of today. If you need more info on what a reputation database is, see http://www.ironport.com for an example. They call theirs SenderBase, and it sees about 25% of the world’s email traffic. The point is that these reputation databases exist today and are very accurate. I don’t see any reason why we couldn’t re-use them for firewalling.

Well, that is what I’d like Santa’s elves to build for me. What security product would you put on your Christmas list? What do you think of a reputation-based firewall product?

The opinions and information presented here are my personal views, not those of my employer.

About Cisco Security Expert

Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council- Board of Advisors where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.

Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.
