Full Disclosure mailing list archives
RE: Sidewinder G2
From: "Kruse, Steve" <Steve.Kruse () lakelandgov net>
Date: Tue, 18 Nov 2003 11:14:21 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My $.02 worth with a disclaimer: I previously worked for Secure Computing. I have no vested interest in them now; I don't even own stock in SCC any more. With that said... Part of Secure Computing's problem over the years is their inability to make the Type Enforcement(TE) and Mandatory Access Control technology understandable to the masses. The Sidewinder technology, and its use of TE to sandbox those few services it does run, makes the device (so far at least) impossible to break through. There isn't a "root" to own in a running box. Even if you could successfully do something to sendmail, the very WORST that could happen is your mail would be broken. Nothing else is or could be in any way compromised. An earlier post (see Paul Niranjan's) in this thread pointed out quite well why there should be no fear. While the article that was posted had a lot of marketing overtones (to put it nicely,) what was said is correct. The version of sendmail is small and so tightly locked down that it is unlikely to be exploitable in any fashion. No root or elevation in privilege is possible. No way to break through to other services including the core firewall operations or rule sets. Sidewinder is trusted in some of the most intensely secure places within the government and industry, and I don't know of any successful hacks against it. Repeated "hacker challenges" by Secure Computing against the Sidewinder have proven it hasn't been compromised. If someone can prove they've broken through one OTHER than through the stupidity of someone configuring a rule wrong, I'd sure love to hear about it. I believe in Sidewinder to the max after having worked with them for awhile. Before you dismiss the Sidewinder, you really should spend some time up on their web site, and in particular read a couple of their white papers on Type Enforcement. That may help you understand the technology behind it a little better. The Sidewinder isn't cheap and it isn't the fastest, but it is one of the most secure around. If a gazillion packets a second gets you hot and bothered, go with someone else. If high security does it for you, Sidewinder is a better choice. Ok...so maybe that was $.03 worth! Sorry. Steve Kruse J. Stephen Kruse, CISSP Chief Information Security Officer City of Lakeland, Florida http://www.lakelandgov.net mailto:steve.kruse () lakelandgov net PGP Fingerprint: 20FF 54A6 AFA0 5492 8830 9687 3314 D77D DFC7 D848
-----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Tuesday, November 18, 2003 9:54 AM To: Michael Gale Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Sidewinder G2 On Mon, 17 Nov 2003 15:44:01 MST, Michael Gale <michael () bluesuperman com> said:I believe two of the most secure firewalls are Cisco Pix and the BorderWare Firewall. Cisco does not offer any services andBorderwareoffers a few for small business and are very restrictive.For a machine that doesn't have any services, the Cisco PIX is infamous for breaking SMTP. Google for 'cisco pix smtp' and let me know if you still think the PIX doesn't have services on it.
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBP7pFXTMU133fx9hIEQJsZwCg7j7mLmvhBiE875iiKDuVoE7JEbMAn2XQ 1Xqqebh00XrTiBnNBs4hjh8c =GUfB -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Sidewinder G2, (continued)
- Re: Sidewinder G2 Valdis . Kletnieks (Nov 18)
- Message not available
- Message not available
- Re: Sidewinder G2 Michael Gale (Nov 18)
- RE: Sidewinder G2 Ron DuFresne (Nov 20)
- Re: Sidewinder G2 Valdis . Kletnieks (Nov 18)
- Re: Sidewinder G2 Michael Gale (Nov 18)
- RE: Sidewinder G2 Brent J. Nordquist (Nov 18)
- Re: Sidewinder G2 David Maynor (Nov 18)
- Re: Sidewinder G2 Brent J. Nordquist (Nov 18)
- Re: Sidewinder G2 Valdis . Kletnieks (Nov 18)
- Re: Sidewinder G2 David Maynor (Nov 18)