Full Disclosure mailing list archives

Re: Sony: No firewall and no patches

From: phocean <0x90 () phocean net>
Date: Wed, 11 May 2011 19:31:01 +0200

Le mercredi 11 mai 2011 à 17:15 +0000, Dobbins, Roland a écrit :

On May 12, 2011, at 12:09 AM, phocean wrote:

I still don't see how the hell the typical web server will handle as much traffic as one of these Checkpoint, Cisco 
or whatever monsters.


That's the dread secret - they aren't really 'monsters'.


When I look at the specs of high end machines of most makers, they are
and they outmatch most of x64 servers. Do you mean they lie?
I don't mean to defend them, I really don't care, but can you develop?

But on a large network with inter-vlan filtering, it matters a lot. Believe me, this one is based on my operational 
experience.


Size <> complexity, complexity <> size.  They are orthogonal concepts.  Small networks can be complex, large networks 
can be simple.


Ok. First English is not my mother language, so I try to be precise but
that not always easy :)
Second, I am talking about rules sizes, not network sizes, and by
complexity, I wanted to address the ease of administration. You will
certainly agree that the more rules there are, the most risks there are
of human mistake.
Reducing rules by something like 70% in an improvment and an advantage
that stateful can have.

I still trust more the network stack of a Linux/BSD/IOS dedicated box than the one of a Windows Server.


Sure - but that has nothing to do with the 'sanity checks' and 'inspectors', which are custom-coded.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

              The basis of optimism is sheer terror.

                        -- Oscar Wilde

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Sony: No firewall and no patches, (continued)
- - - Re: Sony: No firewall and no patches Cal Leeming (May 11)
    - Re: Sony: No firewall and no patches Thor (Hammer of God) (May 12)
    - Re: Sony: No firewall and no patches Peter Osterberg (May 11)
    - Re: Sony: No firewall and no patches Pavel Kankovsky (May 15)
    - Re: Sony: No firewall and no patches Bruno Cesar Moreira de Souza (May 12)
- Re: Sony: No firewall and no patches Michael Krymson (May 11)
  - Re: Sony: No firewall and no patches phocean (May 11)
    - Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
    - Re: Sony: No firewall and no patches phocean (May 11)
    - Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
    - Re: Sony: No firewall and no patches phocean (May 11)
    - Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
    - Re: Sony: No firewall and no patches phocean (May 11)
    - Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
    - Re: Sony: No firewall and no patches phil (May 11)
    - Re: Sony: No firewall and no patches Dobbins, Roland (May 11)
    - Re: Sony: No firewall and no patches phil (May 11)
    - Re: Sony: No firewall and no patches Tracy Reed (May 11)
    - Re: Sony: No firewall and no patches Łukasz Bromirski (May 14)
    - Re: Sony: No firewall and no patches Tracy Reed (May 16)