Firewall Wizards mailing list archives
Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)
From: Adam Shostack <adam () homeport org>
Date: Tue, 7 Aug 2001 16:44:24 -0400
On Tue, Aug 07, 2001 at 04:28:16PM -0400, Joseph Steinberg wrote:
| >Tell me how any of those are going to find a buffer overflow in a new
| daemon someone writes
| > tomorrow with its own custom protocol ?
|
| Use an application-filtering tool/proxy that employs positive logic. Only
| requests that conform to what the daemon expects will be let to pass
| through. (You can protect the app-level-inspection engine with other types
| of security -- such as Air Gap)...

I don't see how your "Gap" protects a custom protocol, unless you spend the time and money to write a custom proxy. My experience is that most shops will end up using a generic plug service. If you want to invest resources in a custom protocol, then invest in securing the code on both ends, not in the middle.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume