Firewall Wizards mailing list archives
Trust (was RE: Antwort: Re: Facts, not Fiction)
From: "Stout, William" <StoutW () pios com>
Date: Mon, 17 Nov 1997 20:22:05 -0500
One can't prove security, just less comparative risk. Even the famous MJR wire-cutter firewall only _reduces_ the security risk by presenting one less entry point.

It also helps to have an understanding of how proxies work, and how packet filters work. Discussions such as 'SPF vs. proxy' compare different architectures and levels of risk. One turning out to have less risk than another by ensuring complete packet rewrites and enforcing correct application-level behavior. (Jab, twist). ;)

Is your question can you trust pre-compiled binaries? Politically you have to, realistically you can't without peer-reviewable source.

I have to differ with Bennett and Marcus about DOS bugs and the like being quietly fixed before they're exploited, since not everyone religiously patches their systems. Many production folk either do a 'set and forget', not wanting to fix something that works, or have religious reasons not to apply a patch until some experience is had by others that did patch.

Bill Stout