> The _Next_ question -- the one people _Need_ to ask -- is
> "Why is this software I am using so braindamaged it needs to be
> firewalled?"
>
> That's the _Real_ question. Not "how do I make DCOM work with
> Gauntlet" but rather "why is DCOM not designed to work in a
> hostile environment?" I read Jen's mail and thought, "hmm, why
> is this person complaining about Gauntlet? They should be complaining
> about braindamaged protocols from vendors!"

Hello!

I'm even less than a security novice, but I have been tasked to build a
client-server application with a custom protocol that will need to
traverse various firewalls at the client's LANs. Of course the LAN
admins will get the bends when I tell them I need a hole, but I have
been reading this thread, and much other security stuff over the past
months, and I have asked this question on this forum and others: why do
applications have so many holes? I keep my protocols as simple as
possible, and I make sure I can handle buffer overflow attacks. Why does
my application need a firewall? I'm much more afraid of someone
trojan-ing my client apps to re-direct data, or keyboard sniffers and
the like. If one of the clients is compromised in this way, the whole
application could be compromised. I'm at the mercy of the security
practices (or lack thereof) at each LAN. What do I do?
-Andy