Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: "Brian Steele" <steele_b () spiceisle com>
Date: Thu, 25 Jun 1998 15:50:17 -0400
Real-world testing is *not* running a scanner against firewall/unix/whatever. Can Safesuite tell you if ns.nasa.gov has a username 'test' with password 'nasa'? Of course not, but in 'real world', you *could* try that as well. In 'real world', you can have 20.000$ firewall on internet 'side', but you also can have small, forgotten unix machine connected to x.25 with test/test account, in example... Plenty of other 'real-world' examples.
The test covers the security performance of NT-based firewall systems in the ideal security environment, I agree. The test do not show how that could be expected to perform security-wise if you were moronic enough to leave gaping holes in your access mechanism via test accounts, alternate access paths and the like. But should they? I think we may be mixing up the testing of an application's security control mechanisms with a company's security implementation utilizing that application. Or looking at it from another direction, if someone implements MSP 2.0 and then removes all packet filtering, is this security hole the fault of MSP 2.0 or the sysadmin who removed the filters? Brian Steele
Current thread:
- Re: Proxy 2.0 secure?, (continued)
- Re: Proxy 2.0 secure? tqbf (Jun 25)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 25)
- Re: Proxy 2.0 secure? Mark Horn [ Net Ops ] (Jun 25)
- RE: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- RE: Proxy 2.0 secure? ark (Jun 25)
- RE: Proxy 2.0 secure? Stout, Bill (Jun 25)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 26)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 26)
- Re: Proxy 2.0 secure? ark (Jun 26)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 26)
- Re: Proxy 2.0 secure? Gillian Steele (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 26)