Firewall Wizards mailing list archives
Re: MISSI X31 results
From: Rick Smith <rsmith () visi com>
Date: Tue, 7 Oct 1997 21:53:13 -0500
I haven't talked to anyone at X about the Firewall-1 report, but I can shed some light on the process: 1) They get a copy of said firewall. 2) They examine all available descriptions of the firewall's capabilities and produce a list of "Vendor Claims." Individual claims may or may not correspond to a feature you desperately want to know about. Capabilities won't be tested unless the test team sees the capabilities as "Vendor Claims" and has time to test them. They avoid using proprietary information like internal design documents -- everything is based on product documentation and marketing descriptions. 3) They test every Vendor Claim they have time to, plus they run whatever penetration tests they find interesting. 4) They generate a draft report of their results. 5) They submit it to the vendor for review. They will *not* post the results until the vendor and X agree on the contents. This was not a fast thing with the Sidewinder report simply because the thing was so long. We had 3 or 4 engineers read it over and check everything before the final thing went out. The Firewall 1 report might be snagged on Step 5, and it could be for any number of reasons, be they technical, political, or bureaucratic. The latter is especially possible if the state department is involved in the review as well as NSA/X and the vendor. Rick. smith () securecomputing com
Current thread:
- MISSI X31 results Bill Stout (Oct 04)
- Re: MISSI X31 results Frank Willoughby (Oct 06)
- Re: MISSI X31 results Alfred Huger (Oct 06)
- Message not available
- Re: MISSI X31 results Frederick M Avolio (Oct 07)
- Re: MISSI X31 results Alfred Huger (Oct 09)
- Re: MISSI X31 results Frank Willoughby (Oct 06)
- Re: MISSI X31 results Rick Smith (Oct 09)
- <Possible follow-ups>
- Re: MISSI X31 results Bill Stout (Oct 06)
- Re: MISSI X31 results Bill Stout (Oct 07)
- Re: MISSI X31 results Alfred Huger (Oct 09)