Core FORCE and OpenBSD PF's
Hello everyone,
Theo de Raadt, head of the OpenBSD project, has asked me to clarify
something about the firewall technology of the endpoint security package
(Core FORCE) released today by Core and announced to bugtraq and other
mailing lists.
Core FORCE uses a Windows port of OpenBSD's PF (www.openbsd.org/faq/pf)
for firewalling.
This involved porting the PF engine to a Windows NDIS-compliant miniport
kernel driver with trimmed functionality (removed NAT, RDR, packet
queueing and normalization and packet tagging among other things) and
adding the ability to set firewall rules on a per-process basis and the
implementation of the "ask" action (in addition to allow, deny) to allow
users to explicitly indicate if they want to pass or block
inbound/outbound packets from/to a given program. Configuration of
firewall rules is integrated into the Core FORCE GUI that also handles
filesystem and registry access control configuration permissions.
In addition to PF's NDIS driver, CORE FORCE also uses a Windows TDI
driver (this one developed from scratch) that also allows filtering
network operations at the socket layer rather than at the packet layer.
We felt that instead of inventing yet another packet filtering engine we
should use OpenBSD's PF, which brings a very robust technology, that has
been extensively tested in the field and has withstood careful security
scrutiny for many years, to the Windows world.
PF is a great piece of software and we're glad that the OpenBSD team
made it available for everyone to use under a BSD license.
If you'd like to learn more about Core Force's architecture and how
OpenBSD's PF fits in it you can browse to the following URL:
http://force.coresecurity.com/index.php?module=articles&func=display&ptid=10&catid=39&aid=16
Thanks,
-ivan
---
To strive, to seek, to find, and not to yield.
- Alfred, Lord Tennyson Ulysses,1842
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@xxxxxxxxxxxxxxxx
www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A