Dailydave mailing list archives
Re: This just in: Firewalls are obsolete
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 12 Jul 2005 01:39:30 +0200
* Blue Boar:
> Firewalls exist so that people can do risky things behind them. Such as running complex protocols. I don't see much drop in use of risky protocols, so I don't expect the use of firewalls to go down much.
In order to offer any protection, the firewall has to implement the complex protocol -- and countless others. This means that the firewall vendor is at a disadvantage compared to the original protocol author (less focus, often less information). I don't think most firewall vendors use radically different implementation techniques; it's mostly C or C++, with the usual problems. Often, the net result is a protocol implementation at the firewall level which is incomplete, does not completely protect the actual service, and has security bugs of its own.

In almost all cases, if you run two software packages instead of one, you get the union of all their bugs, not the intersection. The application you're trying to protect must be in a really, really bad shape before this equation changes. Of course, such things do happen in practice (cf. web applications and SQL injection), but to fix these mishaps, you have to go well beyond typical firewalling efforts.