Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

MrMuishond

My feedback

  1. 58 votes
    1 comment  ·  XG Firewall » Base System + General UI
    MrMuishond supported this idea
  2. 30 votes
    7 comments  ·  XG Firewall » Base System + General UI
    MrMuishond commented

    Trivial to implement, and without this anything based on domain names (web filtering, NTP) is vulnerable.

    DNSSEC should also be implemented on all Sophos sites.

    MrMuishond supported this idea
  3. 30 votes
    4 comments  ·  XG Firewall » Base System + General UI
    MrMuishond commented

    Just an observation: PowerShell does an excellent job of parsing XML. It would automatically tabulate the export, and allow deep querying.

    It’s probably quite easy to write a script to turn one into the other too.

  4. 2 votes
    2 comments  ·  XG Firewall » Base System + General UI
    MrMuishond commented

    DNSSEC should be on the download site too.

    The fact that XG doesn’t validate DNSSEC or secure NTP astonishes me.

    MrMuishond supported this idea
    MrMuishond commented

    Bear in mind MD5 and even SHA1 are not cryptographically secure. SHA256 at a minimum.
    GPG downloads (update packages) should already be safe, signed by keys already programmed into the appliance. But this isn’t the case for ISO files.

    Showing hashes on a web page is of little use though (if the download is compromised the displayed hash could be too).

    All downloads should be GPG-signed and the key fingerprint should be included in physically printed documentation supplied via post.
