Core FORCE and OpenBSD PF's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello everyone,

Theo de Raadt, head of the OpenBSD project, has requested me to clarify
something about the firewall technology of the endpoint security package
(Core FORCE) released today by Core and  announced to bugtraq and other
mailing lists.

Core FORCE uses a Windows port of OpenBSD's PF (www.openbsd.org/faq/pf)
for firewalling.

This involved porting the PF engine to a Windows NDIS compliant miniport
kernel driver with trimmed functionality (removed  NAT, RDR, packet
queing and normalization and packet tagging among other things) and
adding the ability to set firewall rules on a per-process basis and the
implementation of the "ask" action (in addition to allow,deny) to allow
users to explicitly indicate if they want to pass or block
inboud/outbound packets from/to a given program. Configuration of
firewall rules is integrated to the Core FORCE GUI that also handles
filesystem and registry access control configuration permissions.

In addition to PF's NDIS driver, CORE FORCE also uses a Windows TDI
driver (this one developed from scratch) that allows to also filter
network operations at the socket layer rather than at the packet layer.

We felt that instead of inventing yet a new packet filtering engine we
should use OpenBSD's PF which brings a very robust technology, that have
been extensively tested in the field and withstanded careful security
scrutiny for many years, to the Windows world.

PF is a great piece of software and we're glad that the OpenBSD team
made it available for everyone to use under a BSD license.

If you'd like to learn more about Core Force's architecture and how
OpenBSD's PF fits in it you can browse to the following URL:

http://force.coresecurity.com/index.php?module=articles&func=display&ptid=10&catid=39&aid=16


Thanks,

-ivan

---
To strive, to seek, to find, and not to yield.
- Alfred, Lord Tennyson Ulysses,1842

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES

46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@xxxxxxxxxxxxxxxx
www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux