Firewall Wizards mailing list archives
Re: Leader in firewall product
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Mon, 18 Sep 2000 13:18:55 -0400
Eh? Gauntlet is less secure than everything mentioned so far?
Like everything else, Gauntlet had its share of flaws.
Would you be so kind as to explain exactly why you feel this to be the case? IIRC: once-upon-a-time, Gauntlet was regarded by many as being the *most* robust of firewall products, security-wise.
The design was conservative and (in my opinion) pretty decent. But there were a few implementation flaws and conceptual flaws, as well. We added proxy transparency in 3.0, and at that point I felt that the security of the system took a big leap downward - when you've got a firewall that's basically transparent to the end user, it's also basically transparent to a trojan horse. I always hated that but it was market pressure. Nobody was buying non-transparent firewalls; nobody would, today.

There were two components of the firewall proxies that desperately needed a code review and never got one: the http proxy and the X-Window proxy. They did a lot of complex string-pounding and would have been a great breeding ground of buffer overruns, etc. In those days, things like stack guard weren't available, and I always wanted to figure out a way to harden the processes so they couldn't be buffer overrun'd but never had time. :(

There were a lot of places in Gauntlet that could have used considerable shoring up, but we were always overloaded and never had time to get back to them.

mjr.
-----
Marcus J. Ranum
Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net
Personal: http://www.ranum.com