Firewall Wizards mailing list archives
Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867)
From: Al Potter <apotter () icsalabs com>
Date: Wed, 09 Oct 2002 12:46:00 -0400
Ron, listmembers, et al:

<trimmed greatly for brevity's sake, but quoted directly>

dufresne () sysinfo com said:
Getting vendors to work with researchers in such instances would be a grand thing<TM> as opposed to reckless threats of legal retribution after they have been advised of the issues by the researcher<s> who discovered the issues.
I would like to point something out which folks may not understand, but may find a little interesting about the relationship ICSA Labs has with its vendors (our customers):

Assume a vendor is participating in our program, and attains certification (many do not). From that point in time, going forward until the product is withdrawn from the market, or the vendor withdraws from the program, the certified product is under ICSA Labs scrutiny and subject to retest. If we find (through our own investigation, or with subtle assistance like that provided by Mikael Olsson) that the product is no longer in compliance with certification requirements (see criteria link below), we communicate this to the vendor and ask for configuration assistance, assuming that we have misconfigured the product. 8-)

In the event that the product actually has a problem, the vendor is given a formal deadline to bring the product back into compliance, or face loss of certification. In the past, and I have been personally involved with the firewall testing and certification program at ICSA Labs since early 1997, this has proved to be VERY effective. Unfortunately, this all happens "behind the curtain" in almost every case, so the security community may not be aware of it going on.

I would also like to point out that because we have a business relationship with our customers, i.e. money changes hands, we have good, current lines of communication with our vendors almost all of the time. While we cannot make a blanket offer to test any and all issues reported against any and all of our vendors' products (we juggle finite resources like everybody else), we WILL offer to engage in a dialog with any researcher who thinks she has found something "interesting" related to one of our customers' products, and will offer to broker communications between any researcher and any of our customers.

dufresne () sysinfo com said:
And we certainly could use more Mikael's in this world.
Amen...

AL

If it isn't already obvious, I work for ICSA Labs.

Firewall Criteria: www.icsalabs.com/html/communities/firewalls/index.shtml
We are currently testing against the 4.0 version of the criteria.

--
Al Potter
Manager, Network Security Labs
ICSA Labs                  apotter () icsalabs com
www.icsalabs.com           PGP Key ID: 0x58c95451
Current thread:
- Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Mikael Olsson (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Paul D. Robertson (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) R. DuFresne (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Paul D. Robertson (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) R. DuFresne (Oct 09)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Marcus J. Ranum (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) R. DuFresne (Oct 08)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Al Potter (Oct 09)
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Paul D. Robertson (Oct 08)
- <Possible follow-ups>
- Re: Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Darren Reed (Oct 09)