Firewall Wizards mailing list archives
Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)
From: Adam Shostack <adam () homeport org>
Date: Tue, 7 Aug 2001 16:44:24 -0400
On Tue, Aug 07, 2001 at 04:28:16PM -0400, Joseph Steinberg wrote:
| > Tell me how any of those are going to find a buffer overflow in a new
| > daemon someone writes
| > tomorrow with its own custom protocol ?
|
| Use an application-filtering tool/proxy that employs positive logic. Only
| requests that conform to what the daemon expects will be let to pass
| through. (You can protect the app-level-inspection engine with other types
| of security -- such as Air Gap)...
I don't see how your "Gap" protects a custom protocol, unless you
spend the time and money to write a custom proxy. My experience is
that most shops will end up using a generic plug service. If you want
to invest resources in a custom protocol, then invest in securing the
code on both ends, not in the middle.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
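The contrast the two posts draw, a positive-logic application filter that only admits requests matching the daemon's expected grammar versus a generic plug proxy that relays anything, as an added example that is not from the thread; the line protocol, its verbs (GET/DEL/PUT) and its size limits are invented for illustration:

```python
import re

# Hypothetical custom protocol (constructed for this example):
#   "GET <KEY>\n" / "DEL <KEY>\n"            KEY: 1-32 chars [A-Za-z0-9_]
#   "PUT <KEY> <LEN>\n<LEN bytes of body>"   LEN: 1-1024
MAX_BODY = 1024
KEY_RE = re.compile(rb"[A-Za-z0-9_]{1,32}")


def generic_plug(request: bytes) -> bool:
    """A generic plug proxy knows nothing about the protocol: it relays every
    byte to the daemon, so it accepts anything, oversized fields included."""
    return True


def positive_filter(request: bytes) -> bool:
    """Positive-logic filter: admit a request only if it matches the grammar
    exactly; any unknown verb, malformed or oversized field is dropped."""
    head, sep, body = request.partition(b"\n")
    if not sep:
        return False                      # no terminated request line
    parts = head.split(b" ")
    if len(parts) == 2 and parts[0] in (b"GET", b"DEL"):
        return KEY_RE.fullmatch(parts[1]) is not None and body == b""
    if len(parts) == 3 and parts[0] == b"PUT":
        if KEY_RE.fullmatch(parts[1]) is None or not parts[2].isdigit():
            return False
        length = int(parts[2])
        # body must be exactly the declared length and within the cap
        return 0 < length <= MAX_BODY and len(body) == length
    return False                          # anything else is not the protocol


if __name__ == "__main__":
    samples = [                           # constructed sample requests
        b"GET alpha\n",
        b"PUT cfg 5\nhello",
        b"GET " + b"A" * 4096 + b"\n",    # oversized key field
        b"STAT\n",                        # verb the daemon never defined
        b"PUT cfg 5\nhelloEXTRA",         # body longer than declared
    ]
    for req in samples:
        print(f"{req[:24]!r:30} plug={generic_plug(req)} "
              f"positive={positive_filter(req)}")
```

Writing even this small filter requires knowing the daemon's grammar, which is the custom-proxy effort Adam's reply says most shops will not invest in.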