Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vulnerability Response (was: BGP TCP RST Attacks)

From: "M. Dodge Mumford" <dodge () dmumford com>
Date: Tue, 1 Jun 2004 12:00:33 -0400
Paul D. Robertson said:

If it can't be attacked, then arguably, it doesn't need to be fixed.


That sentiment surprises me a bit. It appears to me to violate the concept
of defense in depth. Blocking the exploit path to a vulnerability may
mitigate the risk greatly, but the vulnerability still remains. In your
instance, the exploit path would involve attacking your host operating
system that's performing the firewalling. 

I would think the point of mitigating the risk is to buy you time to fix the
vulnerability. That "time to fix" may be "until Longhorn is released." Which
assumes that Longhorn (or, broadly, version++) will fix the vulnerability.



-- 

Dodge

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: