Re: Proxy 2.0 secure?

[tqbf () pobox com]

> I'm sorry you're attacking me, for we are actually in violent agreement

It is not my intention to attack you; I simply have problems with the
manner in which conclusions appear to have been reached in an article you
wrote.

> you that running a finite, known set of attacks against a properly
> configured device does *not* mean a device is secure.

You should be more careful with your wording. Running a finite number of
exploits or attack signature generators against a device does not mean
that a device is secure, in general or from the underlying vulnerabilities
exploited/assessed by your attack tools. 

> Also, a clarification: ISS Safesuite has multiple modules, including one
> that is intended for use against *firewalls,* not end-systems. It was this

NetSonar and CyberCop Scanner also have firewall testing modules (CCS
focusses on firewalls and routers) --- but I wouldn't rely on metrics from
either product to make conclusions about the security of a firewall
product. Apparently you agree, and I'm misunderstanding you, but I would
like to clarify the fact that this isn't an ISS vs. NAI issue (I think ISS
would agree with my logic here).

-----------------------------------------------------------------------------
Thomas H. Ptacek                           SNI Labs, Network Associates, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"