Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: tqbf () pobox com
Date: Thu, 2 Jul 1998 20:17:24 -0500 (CDT)
I'm sorry you're attacking me, for we are actually in violent agreement
It is not my intention to attack you; I simply have problems with the manner in which conclusions appear to have been reached in an article you wrote.
you that running a finite, known set of attacks against a properly configured device does *not* mean a device is secure.
You should be more careful with your wording. Running a finite number of exploits or attack signature generators against a device does not mean that a device is secure, in general or from the underlying vulnerabilities exploited/assessed by your attack tools.
Also, a clarification: ISS Safesuite has multiple modules, including one that is intended for use against *firewalls,* not end-systems. It was this
NetSonar and CyberCop Scanner also have firewall testing modules (CCS focusses on firewalls and routers) --- but I wouldn't rely on metrics from either product to make conclusions about the security of a firewall product. Apparently you agree, and I'm misunderstanding you, but I would like to clarify the fact that this isn't an ISS vs. NAI issue (I think ISS would agree with my logic here). ----------------------------------------------------------------------------- Thomas H. Ptacek SNI Labs, Network Associates, Inc. ----------------------------------------------------------------------------- http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
Current thread:
- Re: Proxy 2.0 secure? Brian Steele (Jul 01)
- <Possible follow-ups>
- Re: Proxy 2.0 secure? David Newman (Jul 01)
- Re: Proxy 2.0 secure? tqbf (Jul 03)
- Re: Proxy 2.0 secure? John McDermott (Jul 01)
- Re: Proxy 2.0 secure? Brian Steele (Jul 02)
- Re: Proxy 2.0 secure? David Newman (Jul 03)
- RE: Proxy 2.0 secure? ICMan (Jul 07)
- RE: Proxy 2.0 secure? David Newman (Jul 07)