Security Basics mailing list archives
RE: Firewall configuration statistics
From: "Des Ward" <des.ward () ntlworld com>
Date: Tue, 10 Jun 2003 21:06:58 +0100
Sorry, my point was that having unhardened servers that are behind a firewall is not the fault per se of the firewall. ALGs should stop the most common attacks, but this is no substitute for ensuring that all parts of the infrastructure are as secure as is possible.

-----Original Message-----
From: Devdas Bhagat [mailto:devdas () dvb homelinux org]
Sent: 10 June 2003 03:38
To: security-basics () securityfocus com
Subject: Re: Firewall configuration statistics

On 07/06/03 00:42 +0100, Des Ward wrote:
<snip>
Is a firewall misconfigured if someone hacks through the web application layer? No, the firewall allows http/https traffic because we need it. It's the domain of the overall security strategy to prevent those attacks which no firewall can stop.

Errrr? ALGs could stop some attacks (or if you can do some pattern matching in the ALG, most of them). And layered security should involve some level of layer 7 protocol validation. I don't know about you, but I certainly would include a proxy based firewall for publicly exposed applications (unless they have been thoroughly audited for known bugs, and maybe even then).

Devdas Bhagat