Firewall Wizards mailing list archives

Re: FW-1 technical strength


From: cbrenton <cbrenton () sover net>
Date: Mon, 28 Dec 1998 11:45:22 -0500 (EST)

On Sat, 26 Dec 1998 jgalvin () cs loyola edu wrote:

> I agree that these settings should be known by knowledgeable
> administrators, but to issue a security advisory against them is too
> strong;

I have to disagree. A default firewall config that will pass inbound
traffic *and* do so without logging deserves the high public attention
that is only provided by an advisory. It's not like CP has taken action to
resolve the issue.

> these settings are useful in some environments.

Again, I have to disagree. I cannot think of too many situations in which it
is appropriate to allow inbound traffic without a log entry.

> They are also
> documented as capabilities of the machine, not as bugs.

I don't even want to go there... ;)

Cheers,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet


