Firewall Wizards mailing list archives
Re: Proxy 2.0 secure? (AG vs. SPF)
From: Bennett Todd <bet () mordor net>
Date: Tue, 7 Jul 1998 11:56:32 -0400
1998-06-30-10:12:01 Ryan Russell:
--- but they have increased vulnerability to problems in other IP stacks, because they are allowing remote hosts to communicate directly with those stacks.I disagree with this assumption. Current SPF implementations do this. It doesn't mean someone couldn't write a better one.
In other words, you're banking your arguments about the superiority of stateful packet filtering on the fantasy that someone will write an SPF that does fragment reassembly, options stripping, and all the other implicit cleanup that's done by the IP stacks for application gateways. Go for it. Maybe you're right; people have wasted the time and effort to write some amazingly awful dreck, and people contine to waste even more time and effort attempting to run it; there are a lot of sick pups out there. But I'll betcha that even if someone _does_ what you propose --- write an entire IP stack, with application proxies and everything, as state transition rules for an SPF --- that the result will not be more secure than current application gateway firewalls. Rather, you'll have a vastly more complex implementation, which means more bug-ridden, and far harder to maintain and enhance in the face of changing demands. That definitely sounds like a market-leading product in today's market, I'll agree. I still won't use it. And I won't expect it to be more secure. -Bennett
Current thread:
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 01)
- <Possible follow-ups>
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 02)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 03)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Marc Heuse (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Bennett Todd (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 08)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Paul D. Robertson (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Joseph S. D. Yao (Jul 08)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Bennett Todd (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) tqbf (Jul 12)
- Re: Proxy 2.0 secure? (AG vs. SPF) Ryan Russell (Jul 07)
- Re: Proxy 2.0 secure? (AG vs. SPF) Bennett Todd (Jul 07)
(Thread continues...)