The Breach That's Shocking the Firewall Industry

[InfoSec News <isn () C4I ORG>]

http://www.businessweek.com/bwdaily/dnflash/may2000/nf00526f.htm?scriptFramed

The Breach That's Shocking the Firewall Industry

Network Associates' vaunted Gauntlet firewall system crumbled during
an outside engineer's routine audit

In an age of increasing hacker attacks, calling any computer-security
product "The World's Most Secure" would seem to be inviting disaster.
But that didn't stop Network Associates (www.nai.com) from proudly
making the claim about its flagship Gauntlet firewall system. In fact,
this month's issue of Network magazine gives Gauntlet its prestigious
"Security Product of the Year" award.

That was no consolation on May 19, when a San Diego computer engineer
found a flaw in Gauntlet while performing a routine security audit, BW
Online has learned. The flaw, if exploited, could allow hackers to
break into tens of thousands of supposedly protected computer
networks. The engineer, Jim N. Stickley, immediately notified Santa
Clara (Calif.)-based Network Associates and helped it come up with a
fix for the program.

But the breach was a shocker for the firewall industry as a whole. "If
companies that specialize in security can't write secure software,
what should we expect of the rest of the world?" says Elias Levy, the
chief technology officer of computer security Web portal
SecurityFocus.com (www.securityfocus.com).

NA quickly hustled out the corrective "patch" over the weekend of May
20-21. And Stickley says he still believes that the Gauntlet product,
despite the flaw he discovered, will frustrate the vast majority of
intruders. Still, the breach set off what NA says was a "massive
response," as its sales reps scrambled to notify thousands of Gauntlet
customers.

[...]

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".