Full Disclosure mailing list archives
Re: Sidewinder G2
From: Shawn McMahon <smcmahon () eiv com>
Date: Thu, 20 Nov 2003 12:10:27 -0500
Schmehl, Paul L wrote:
Maybe your network policy states that, but I would prefer for single point of failure devices to fail open, rather than closed. For us, network availability is a higher priority than protection is. If the firewall fails, I don't want the entire network down while we're waiting for a vendor to fix it. I'd be surprised if most networks aren't that way.
The problem with this, as I'm sure you know (but it bears repeating for the peanut gallery) is that it turns any DoS on your firewall into an instant security hole. That escalates the severity of DoS bugs on the firewall, which greatly increases the need to upgrade it when they're found, which can increase your downtime.
Attachment:
_bin
Description:
Current thread:
- RE: Sidewinder G2, (continued)
- RE: Sidewinder G2 Mike Fratto (Nov 20)
- RE: Sidewinder G2 Ron DuFresne (Nov 25)
- RE: Sidewinder G2 Mike Fratto (Nov 18)
- RE: Sidewinder G2 Michal Zalewski (Nov 19)
- RE: Sidewinder G2 Perrymon, Josh L. (Nov 18)
- Re: Sidewinder G2 Valdis . Kletnieks (Nov 18)
- Re: Sidewinder G2 Michael Gale (Nov 18)
- Re: Sidewinder G2 Valdis . Kletnieks (Nov 18)
- RE: Sidewinder G2 Kruse, Steve (Nov 18)
- Re: Sidewinder G2 Michaelmas (Nov 18)
- RE: Sidewinder G2 Schmehl, Paul L (Nov 20)
- Re: Sidewinder G2 Shawn McMahon (Nov 20)
- Re: Sidewinder G2 Michael Gale (Nov 20)
- RE: Sidewinder G2 Ron DuFresne (Nov 20)
- Re: Sidewinder G2 Shawn McMahon (Nov 20)