Firewall Wizards mailing list archives

RE: Firewall RISKS


From: "Sheldrake, Kevin" <kevin.sheldrake () baedsl co uk>
Date: Thu, 24 Jun 1999 09:50:49 +0100

I think that there has been some confusion that has clouded the argument. Here are my views:

a) My definition of a firewall is based on application-level proxies.
b) I support the notion of firewalls for most applications where two or more systems are to be connected together where the sets of users or the trust of the users differ between the systems.
c) I have more of an open mind than believing that firewalls are the only way to provide security.
d) I believe that firewalls _should_ be more secure than the daemons that they are protecting due to the following: i) daemons are generally quite complicated programs; ii) the proxies on the firewall should attempt to protect against attacks on the daemons; iii) building a protocol interpreter is less complex than building a daemon that includes a protocol interpreter; iv) the proxy should consist solely of a protocol interpreter; v) the proxy should be tested by white-box and black-box methods using all known methods of attack; vi) the testing, therefore, of the proxy is more security targeted than the testing of a daemon (which would, inevitably, involve much testing of the daemon's functionality); vii) it is this targeted development and testing that I believe makes the firewalls I have described more secure than the daemons alone.
e) Stephen P. Berry probably disagrees with d above. I am prepared to disagree with his views.
f) I have no interest in continuing this discussion. It appears that Stephen P. Berry has repeatedly misunderstood my views and, probably, that I have misunderstood his.
g) I agree that application-level daemons can be made more secure but I don't see anyone actually doing this to the level to which I would trust them completely.

Kev

Kevin Sheldrake
CCIS Prototypes and Demonstrations
British Aerospace Defence Systems
[+44 | 0] 1202 408035, kevin.sheldrake () baedsl co uk
