Firewall Wizards mailing list archives
Re: FW-1 technical strength
From: cbrenton <cbrenton () sover net>
Date: Mon, 28 Dec 1998 11:45:22 -0500 (EST)
On Sat, 26 Dec 1998 jgalvin () cs loyola edu wrote:
I agree that these settings should be known by knowledgeable administrators, but to issue a security advisory against them is too strong;
I have to disagree. A default firewall config that will pass inbound traffic *and* do so without logging deserves the high public attention that is only provided by an advisory. Its not like CP has taken action to resolve the issue.
these settings are useful in some environments.
Again, I have to disagree. I can not think of too many situations which it is appropriate to allow inbound traffic without a log entry.
They are also documented as capabilities of the machine, not as bugs.
I don't even want to go there... ;) Cheers, Chris -- ************************************** cbrenton () sover net * Multiprotocol Network Design & Troubleshooting http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet * Mastering Network Security http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
Current thread:
- FW-1 technical strength Philip R. Moyer (Dec 18)
- <Possible follow-ups>
- Re: FW-1 technical strength Ryan Russell (Dec 22)
- Re: FW-1 technical strength Darren Reed (Dec 26)
- Re: FW-1 technical strength jgalvin (Dec 28)
- Re: FW-1 technical strength cbrenton (Dec 28)
- Re: FW-1 technical strength Kevin Steves (Dec 28)
- Re: FW-1 technical strength Darren Reed (Dec 26)
- RE: FW-1 technical strength Stout, Bill (Dec 29)