Full Disclosure mailing list archives
Re: Sony: No firewall and no patches
From: phocean <0x90 () phocean net>
Date: Wed, 11 May 2011 19:31:01 +0200
Le mercredi 11 mai 2011 à 17:15 +0000, Dobbins, Roland a écrit :
On May 12, 2011, at 12:09 AM, phocean wrote:I still don't see how the hell the typical web server will handle as much traffic as one of these Checkpoint, Cisco or whatever monsters.That's the dread secret - they aren't really 'monsters'.
When I look at the specs of high end machines of most makers, they are and they outmatch most of x64 servers. Do you mean they lie? I don't mean to defend them, I really don't care, but can you develop?
But on a large network with inter-vlan filtering, it matters a lot. Believe me, this one is based on my operational experience.Size <> complexity, complexity <> size. They are orthogonal concepts. Small networks can be complex, large networks can be simple.
Ok. First English is not my mother language, so I try to be precise but that not always easy :) Second, I am talking about rules sizes, not network sizes, and by complexity, I wanted to address the ease of administration. You will certainly agree that the more rules there are, the most risks there are of human mistake. Reducing rules by something like 70% in an improvment and an advantage that stateful can have.
I still trust more the network stack of a Linux/BSD/IOS dedicated box than the one of a Windows Server.Sure - but that has nothing to do with the 'sanity checks' and 'inspectors', which are custom-coded. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Sony: No firewall and no patches, (continued)
- Re: Sony: No firewall and no patches Cal Leeming (May 11)
- Re: Sony: No firewall and no patches Thor (Hammer of God) (May 12)
- Re: Sony: No firewall and no patches Peter Osterberg (May 11)
- Re: Sony: No firewall and no patches Pavel Kankovsky (May 15)
- Re: Sony: No firewall and no patches Bruno Cesar Moreira de Souza (May 12)
- Re: Sony: No firewall and no patches Michael Krymson (May 11)
- Re: Sony: No firewall and no patches phocean (May 11)
- Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
- Re: Sony: No firewall and no patches phocean (May 11)
- Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
- Re: Sony: No firewall and no patches phocean (May 11)
- Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
- Re: Sony: No firewall and no patches phocean (May 11)
- Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
- Re: Sony: No firewall and no patches phocean (May 11)
- Re: Sony: No firewall and no patches phil (May 11)
- Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
- Re: Sony: No firewall and no patches phil (May 11)
- Re: Sony: No firewall and no patches Tracy Reed (May 11)
- Re: Sony: No firewall and no patches Łukasz Bromirski (May 14)
- Re: Sony: No firewall and no patches Tracy Reed (May 16)