Firewall Wizards mailing list archives
RE: Question about CyberGuard
From: David Bonn <David.Bonn () watchguard com>
Date: Wed, 24 Dec 1997 11:18:17 -0800
Gary == "Gary Crumrine" <gcrum () us-state gov> writes:
Gary> Have you used the watchguard product??? It has several holes in it..and
Gary> crashes repeatedly under loads of over 4 users on concurrently... Not a
Gary> good thing... Company admits it is a bug...

First off, I'm running behind a WG with 17 users currently logged in (not bad for xmas eve morning). I'm not saying there aren't bugs in WG (or any firewall), and I'm not saying that we haven't had crashes in WG, but I don't know of any problem where a load of 4 users crashes WG.

A check of support call logs reveals that no one has reported such a problem to our tech support people. As best as I can check on a holiday morning nobody who works here has reported or submitted such a bug. I do know that we have more than a few customers with several thousand users behind a red box.

For obvious reasons, I'd like to hear about the holes in WG. Do you have specific knowledge of such holes? All software products have bugs, and security products have security-related bugs. Though we have tested out pretty well on security tests in various environments (of course, that and a thousand bucks will buy you a copy of Windows NT server).

Given our design approach I believe that WG is pretty darned secure. We run in an extremely stripped-down environment. No shells, no network daemons, no way for other user processes to run. The out-of-the-box configuration (after running our wizard) is quite secure (only proxied SMTP and DNS are allowed to the internal network, HTTP and FTP may be allowed to a host on a DMZ network). Unless a user edits the configuration directly with a text editor or allows a busted network service (rsh, rlogin, SNMP, the list is really endless) through the red box, it should stay that way.

It really is a "stance" issue. Most NT or Unix-based firewalls require that the installer do various nontrivial things (install OS patches, alter system configuration files, et al) to get a secure configuration. WG systems require that the installer do nontrivial things to make the configuration insecure.

David Bonn
VP Engineering, Watchguard Technologies, Inc.
david.bonn () watchguard com