Dailydave mailing list archives

Re: This just in: Firewalls are obsolete


From: <rdump () river com>
Date: Tue, 12 Jul 2005 11:20:18 -0600

At 00:59 +0200 on 2005-07-12, Florian Weimer wrote:
For complex protocols, you need one implementation which gets it
right, not two or more which come close, but not close enough.


Better, you need one proxy implementation (which gets it right) of the
protocol subset which you wish to allow through your perimeter.

This just moves the complexity into HTTP sanitization, however.  Is that
still a net win, given the new location (proxy) for implementation bugs?

Perhaps the single point of control, and reduction in protocol complexity,
still helps if you have clients that are, for all practical purposes,
unrepairable.


Richard
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

