First sentence mentions deep packet analysis for protocols like HTTP. But that's not really relevant anymore is it? Most modern websites will automatically redirect HTTP to HTTPS and then you can't apply deep packet analysis anymore. I can see some other fairly nice features here but not really enough to make me switch.
Zorp GPL is free/opensource, so unless you're looking for some of the closed source features in Zorp Professional you should be able to tinker pretty heavily.
If I agree with you: Yep it sure is, and that's perfectly ethical for personal and corporate use. To businesses, they have a responsibility to filter what goes in and out of their network, in the interest of their customers and themselves.
If I don't agree with you: Do you think IP/port based firewalls are censorship? That any kind of cyber-border security is an affront to rights? If not, then how do you govern access as a private organization when everything is tcp/443 on AWS? Gotta know what it's going to.
It has that potential, and I'm sure that's part of the business case for it (along with the more likely concern about exfiltration of data from secure networks).
Or it could be privacy software that lets you look at data you're sending to the cloud, modify it, or prevent it altogether.
It just depends who is in control of the software.
Squid is mainly a web caching proxy. Zorp is a next generation firewall.
The architecture is modular, and you can write plug-ins that analyse the structure of communications beyond packet headers: the content is inspected.
The open source version includes out of the box support for inspecting HTTP, FTP, SMTP, POP3, Finger, Whois, Telnet (+TLS).
But you can write plugins that couple the engine with anything, from an IDS such as Snort, Bro or Suricata, to something like nDPI or AssemblyLine.
squid also has redirectors and c-icap filters etc, firewall wise it uses the OS(e.g. iptables), so it's more than a proxy but it does not do packet-level-firewall as it depends on iptables.
looks like zorp is a all-in-one solution, hope i have time to play with it soon
17 comments
[ 2.9 ms ] story [ 30.5 ms ] threadhttps://github.com/Balasys/zorp/blob/master/lib/proxyssl.cc https://github.com/Balasys/zorp/blob/master/lib/pyx509.cc
It's able to inspect and relay the connection as well as passing it to another proxy
https://github.com/Balasys/zorp/blob/master/lib/proxystack.c...
https://www.balasys.hu/content/documents/zorp-gpl-guide-refe...
I kinda thought about it but the 50-100 bucks expenditure just for curiosity seems a bit heavy
If I don't agree with you: Do you think IP/port based firewalls are censorship? That any kind of cyber-border security is an affront to rights? If not, then how do you govern access as a private organization when everything is tcp/443 on AWS? Gotta know what it's going to.
I am considering it as a tool to provide another layer of protection for my small business network. That would make your summary a positive for me.
Or it could be privacy software that lets you look at data you're sending to the cloud, modify it, or prevent it altogether.
It just depends who is in control of the software.
The architecture is modular, and you can write plug-ins that analyse the structure of communications beyond packet headers: the content is inspected. The open source version includes out of the box support for inspecting HTTP, FTP, SMTP, POP3, Finger, Whois, Telnet (+TLS). But you can write plugins that couple the engine with anything, from an IDS such as Snort, Bro or Suricata, to something like nDPI or AssemblyLine.
https://www.ntop.org/products/deep-packet-inspection/ndpi/ https://bitbucket.org/cse-assemblyline/assemblyline
Based on the results of the analysis, you can choose to apply firewall rules.
looks like zorp is a all-in-one solution, hope i have time to play with it soon