Security Basics mailing list archives

Re: Firewall configuration statistics


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 10 Jun 2003 08:07:48 +0530

On 07/06/03 00:42 +0100, Des Ward wrote:
<snip>
Is a firewall misconfigured if someone hacks through the web application
layer?  No, the firewall allows http/https traffic because we need it.  It's
the domain of the overall security strategy to prevent those attacks which
no firewall can stop.

Errrr? ALGs could stop some attacks (or if you can do some pattern
matching in the ALG, most of them). And layered security should involve
some level of layer 7 protocol validation.
I don't know about you, but I certainly would include a proxy-based
firewall for publicly exposed applications (unless they have been
thoroughly audited for known bugs, and maybe even then).

Devdas Bhagat
