Firewall Wizards mailing list archives

Re: SANS Top Ten and Commercial Firewalls


From: "Ryan M. Ferris" <rferris () rmfdevelopment com>
Date: Thu, 3 Oct 2002 14:47:16 -0700

An interesting variant on this is the DARPA sponsored Linux compiler that
compiles software (including Linux) without some of the known security
loopholes found in ordinary C compilers:

www.immunix.org

This is probably no substitute for careful validation and verification of
the code with respect to security guidelines (i.e. NIST common criteria,
etc.), however it is another good tool to prevent the deployment of insecure
code.

Without extensive black box testing, I don't know how you would do this on
software for which you don't have the source.

Ryan M. Ferris
rferris () rmfdevelopment com

----- Original Message -----
From: "m p" <sumirati () yahoo de>
To: "Anton A. Chuvakin" <anton () chuvakin org>
Cc: <firewall-wizards () honor icsalabs com>
Sent: Thursday, October 03, 2002 10:42 AM
Subject: Re: [fw-wiz] SANS Top Ten and Commercial Firewalls


--- "Anton A. Chuvakin" <anton () chuvakin org> wrote:
> Devdas and all,

Just out of curiosity.

proftpd, vsftpd, pureftpd
...
Postfix/Qmail
...

Is there any evidence that helps decide whether it's more secure because
it's written better or because it's used less?


Hi Anton,

there are programs out there which were written with security in mind. As
there are postfix, qmail, djbdns, daemontools, tcpwrappers, ....

Those are believed to be secure (and checked/reviewed) by many people.

The argument "because it is used less" should be carefully mentioned. Now
Netware is seldom used - but as shown at the Black Hat conference in Vegas
this year there are many ways to gain more access than what you were granted
...

Marc




_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

