Firewall Wizards mailing list archives

Re: firewalls and the incoming traffic problem


From: Bennett Todd <bet () rahul net>
Date: Mon, 29 Sep 1997 08:45:21 -0700

On Sun, Sep 28, 1997 at 11:51:31PM -0000, Itai Dor-on wrote:
> I tend to disagree with your point of view regarding the purpose of the
> firewall system.

Before disagreeing, make sure you've correctly read his position ... tricky,
as mjr is a subtle author, and language barriers can make it easy to get
fooled. It's worth knowing that Marcus is the original author of the TIS
Firewall Toolkit, the foundation of the Gauntlet firewall from TIS, which is
in turn the basis for the V-One Smartwall of V-One Corp., at which company
mjr was Chief Scientist until he spun off into his mysterious new company
Network Flight Recorder.

> From your post I understand that you see firewalls mainly as pure "packet
> filters".

I believe rather that he sees that as a popular market perspective. He's the
author of certainly the oldest, and possibly the most widely-used to this day,
proxy-based commercial firewall. But he wasn't commenting on the nature of the
security implementation _he_ would set up --- or even anyone who knows enough
to do a competent job. There aren't enough of us to go around by several
orders of magnitude. I think mjr was talking about the perspective of your
typical ignorant customer, buying a box called a "firewall" from your
equally-ignorant typical vendor. In that market ease of configuration is the
critical selling point, so there's no point in the kind of complex and subtle
features required to implement a complex security policy. Your commercial
firewall thus ends up being a mildly enhanced screening router with a friendly
web-based configuration screen.

> Suppose I am a customer that runs Firewall-1 as my main security defense and I
> was doing market research for a new Internet mail server.

I think you miss the thrust of mjr's argument; the problems with mail
_servers_ can be addressed (whether they are or not); just get a secure one,
like qmail from Dan Bernstein, or the currently-under-development MTA from
Wietse Venema (the other two leading names, besides mjr, in security
programming). If you care about MTA security it's there for the downloading.
But how are you going to secure Mail _User_ Agents (MUAs)? It's possible, as
far as I know, that someone who uses Netscape for their email might possibly
have some security, but I wouldn't bet on it; I think it's likelier that anyone
who reads email with Netscape can have every file they can access shipped out
to an attacker, without them ever knowing it. It's not that the authors of
Netscape are malicious; they're just terribly terribly stupid. MSIE is far far
worse.

-Bennett
