Firewall Wizards mailing list archives

Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867)


From: Al Potter <apotter () icsalabs com>
Date: Wed, 09 Oct 2002 12:46:00 -0400

Ron, listmembers, et al:

<trimmed greatly for brevity's sake, but quoted directly>

dufresne () sysinfo com said:
 Getting vendors to work with researchers in such instances would be a
grand thing<TM> as opposed to reckless threats of legal retribution
after they have been advised of the issues by the researcher<s> who
discovered the issues.



I would like to point something out which folks may not understand, but 
find a little interesting about the relationship ICSA Labs has with its 
vendors (our customers):


Assume a vendor is participating in our program, and attains certification 
(many do not).  From that point in time, going forward until when the 
product is withdrawn from the market, or the vendor withdraws from the 
program, the certified product is under ICSA Labs scrutiny and subject to 
retest.

If we find (through our own investigation, or with subtle assistance like 
that provided by Mikael Olsson) that the product is no longer in 
compliance with certification requirements (see criteria link below), we 
communicate this to the vendor and ask for configuration assistance, 
assuming that we have misconfigured the product.  8-)

In the event that the product actually has a problem, the vendor is given 
a formal deadline to bring the product back into compliance, or face loss 
of certification.

In the past, and I have been personally involved with the firewall testing 
and certification program at ICSA Labs since early 1997, this has proved 
to be VERY effective.  Unfortunately, this all happens "behind the 
curtain" in almost every case, so the security community may not be aware 
of it going on.


I would also like to point out that because we have a business 
relationship with our customers, i.e., money changes hands, we have good, 
current lines of communication with our vendors almost all of the time.



While we cannot make a blanket offer to test any and all issues reported 
against any and all of our vendor's products (we juggle finite resources 
like everybody else), we WILL offer to engage in a dialog with any 
researcher who thinks she has found something "interesting" related to 
one of our customer's products, and will offer to broker communications 
between any researcher and any of our customers.


dufresne () sysinfo com said:
 And we certainly could use more Mikaels in this world.

Amen...




AL

If it isn't already obvious, I work for ICSA Labs.

Firewall Criteria: www.icsalabs.com/html/communities/firewalls/index.shtml
We are currently testing against the 4.0 version of the criteria.

-- 
+------------------------------------------------------------------------+
| Al Potter                                                              |
| Manager, Network Security Labs                                         |
| ICSA Labs                                         apotter () icsalabs com |
| www.icsalabs.com                                PGP Key ID: 0x58c95451 |
+------------------------------------------------------------------------+



