Oh come now Marcus, you don't expect us to let you get
away with *that*, do you? :)

>It _may_ be the case that what you
>need to do is insane, risky, and unsafe regardless of whether
>or not there's a firewall there.

>One of the design goals of my first few firewalls was to
>build a secure gateway. I always believed (and still do)
>that a well-designed firewall should always err on the side
>of being more secure than not. So, the first firewalls I
>built didn't support services that I (and other smart people)
>couldn't think of ways to safely gateway into the networks
>the firewalls were trying to protect.

>The first firewall I built only supported a handful of
>services: Telnet, FTP, DNS, and NNTP. Those were the only
>ones I knew how to do securely at the time. Those are _STILL_
>the only ones I think anyone realistically knows how to
>secure;

I'm curious about how you made those protocols safe from
hijacking, client-side vulnerabilities, cache-poisoning, control
messages, etc., etc.

I am, of course, just picking on Marcus a little bit... he can take
it. :)  The point is, none of those protocols are "secure".  They're
just better understood and less likely to have client-side
holes (though not free of them.)

That doesn't excuse someone wanting to pass DCOM across a firewall...
Just trying to point out that the issue isn't so black-and-white.

                         Ryan

