Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Sidewinder G2

From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Thu, 20 Nov 2003 10:24:40 -0600
-----Original Message-----
From: Ron DuFresne [mailto:dufresne () winternet com] 
Sent: Thursday, November 20, 2003 9:21 AM
To: Schmehl, Paul L
Cc: full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Sidewinder G2 




3) What happens when Sidewinder fails?  Does it fail open?  

If it does 

(and it should), is their version of sendmail still 

protected?  Or is 

it sitting on the Internet bare-ass naked, waiting to be 0wn3d?


it should fail "closed", preventing any traffic from passing, 
otherwise you have a door stop.


Maybe your network policy states that, but I would prefer for single
point of failure devices to fail open, rather than closed.  For us,
network availability is a higher priority than protection is.  If the
firewall fails, I don't want the entire network down while we're waiting
for a vendor to fix it.  I'd be surprised if most networks aren't that
way.

Now, if it's something really critical *inside* the network that is
protected by a firewall, then you might want it to fail closed, but at
the edge?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: