Firewall Wizards mailing list archives

Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)


From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 8 Aug 2001 09:44:42 +1000 (EST)

In some email I received from Joseph Steinberg, sie wrote:
Tell me how any of those are going to find a buffer overflow in a new
daemon someone writes tomorrow with its own custom protocol ?

Use an application-filtering tool/proxy that employs positive logic. Only
requests that conform to what the daemon expects will be let to pass
through. (You can protect the app-level-inspection engine with other types
of security -- such as Air Gap)... 

So you're saying every piece of software that interacts with another via
the network is to be filtered through an application proxy/tool ?
I find that unacceptable.

How the heck do we know that this filter isn't buggy ?
Where are the guarantees for it saying it has no buffer overflows ?

Simply deploying more layers between two parties does NOT fix the problem,
just attempts to hide it.

The problem here is quality of software (or lack thereof) and the ability
of vendors to legally provide/sell bugware.

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
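As an added illustration of the "positive logic" application proxy Joseph Steinberg describes above (example code written for this archive page, not from either author): a request validator for a constructed toy line protocol that admits only what the grammar allows, with the length bound applied before any parsing so the filter itself does not become the next overflow target.

```python
import re

# Constructed toy protocol (an assumption, not from the thread): one request
# per line, "VERB key=value\n". The allow-list below is the *only* thing that
# is accepted; anything else is dropped without being interpreted further.
MAX_LINE = 128
ALLOWED_VERBS = frozenset({"GET", "PUT"})
# Anchored regex with an explicit upper bound on every field.
REQUEST_RE = re.compile(rb"\A(GET|PUT) ([a-z]{1,16})=([\x20-\x7e]{0,64})\n\Z")


def allow_request(raw: bytes) -> tuple[bool, str]:
    """Positive-logic check: (True, 'ok') only for requests that match the
    protocol grammar exactly; otherwise (False, reason)."""
    # Length check first, so the proxy never does unbounded work on
    # attacker-controlled input (the filter must not be the new weak spot).
    if len(raw) > MAX_LINE:
        return False, f"line longer than {MAX_LINE} bytes"
    if not raw.endswith(b"\n"):
        return False, "missing terminator"
    m = REQUEST_RE.match(raw)
    if m is None:
        return False, "does not match protocol grammar"
    verb = m.group(1).decode("ascii")
    if verb not in ALLOWED_VERBS:  # redundant with the regex, kept explicit
        return False, f"verb {verb!r} not allowed"
    return True, "ok"


def filter_stream(requests: list[bytes]) -> list[tuple[bytes, bool, str]]:
    """Run a batch of requests through the proxy decision, recording verdicts."""
    return [(r, *allow_request(r)) for r in requests]


# Constructed sample traffic: two well-formed requests plus three malformed
# ones that a signature-based (negative-logic) filter would need to know about.
SAMPLE = [
    b"GET name=alice\n",
    b"PUT colour=blue\n",
    b"GET name=" + b"N" * 300 + b"\n",  # overlong field, the classic overflow shape
    b"DELETE name=alice\n",              # verb the daemon never defined
    b"GET name=\x00\xff\n",              # bytes outside the allowed set
]

if __name__ == "__main__":
    for raw, ok, why in filter_stream(SAMPLE):
        print("ALLOW" if ok else "DROP ", why, raw[:40])
```

Note that the validator is only as trustworthy as its own code and the grammar it encodes, which is exactly the objection Darren raises: a proxy written for a protocol nobody has specified yet cannot be generated ahead of time, and it adds one more program that may have bugs.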