Firewall Wizards mailing list archives
Re: Proxy 2.0 secure?
From: tqbf () pobox com
Date: Fri, 26 Jun 1998 01:04:02 -0500 (CDT)
The test covers the security performance of NT-based firewall systems in the ideal security environment, I agree. The test do not show how that could be expected to perform security-wise if you were moronic enough to leave gaping holes in your access mechanism via test accounts, alternate access paths and the like.
It would be silly to write an article comparing the security of firewalls by considering the many ways in which they can be misconfigured. Obviously, the Data Communications article is not referring to security holes brought on by misconfiguration --- they had the vendors configure the boxes for the test. Clearly, the security problems we are discussing here are design and implementation flaws, not configuration and management mistakes. So, I'll restate my point: network scanners are excellent tools for verifying the configuration of a firewall. The review of firewalls we're discussing is not about proper configuration. It's about whether software packages from various vendors are "secure", and it does absolutely nothing to verify whether this is the case or now. ISS makes no serious effort to verify that a firewall is implemented properly. Thus, since the testing methodology of this article is obviously completely flawed, you should not cite it as evidence that NT firewalls are secure (or not secure). The article is meaningless. ----------------------------------------------------------------------------- Thomas H. Ptacek SNI Labs, Network Associates, Inc. ----------------------------------------------------------------------------- http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
Current thread:
- Re: Proxy 2.0 secure?, (continued)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 25)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- Re: Proxy 2.0 secure? Mark Horn [ Net Ops ] (Jun 25)
- RE: Proxy 2.0 secure? Vanja Hrustic (Jun 25)
- RE: Proxy 2.0 secure? ark (Jun 25)
- RE: Proxy 2.0 secure? Stout, Bill (Jun 25)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Vanja Hrustic (Jun 26)
- Re: Proxy 2.0 secure? Brian Steele (Jun 25)
- Re: Proxy 2.0 secure? tqbf (Jun 26)
- Re: Proxy 2.0 secure? Kjell Wooding (Jun 26)
- Re: Proxy 2.0 secure? ark (Jun 26)
- RE: Proxy 2.0 secure? Choi, Byoung (Jun 26)
- Re: Proxy 2.0 secure? Gillian Steele (Jun 26)
- Re: Proxy 2.0 secure? Ted Doty (Jun 29)
- Re: Proxy 2.0 secure? Brian Steele (Jun 26)
- Re: Proxy 2.0 secure? Brian Steele (Jun 28)