> At 10:09 AM 5/28/99, Larry Claman wrote:
>
> > I won't comment on this, other than
> > to say that many (most) security experts still distrust NT.
>
> And why is that, exactly? Is this distrust based on an analysis of how the
> firewall and OS interact? If someone wants to argue that the OS has a
> major role in determining the performance and stability of a firewall
> platform, I'll allow that as given. But if someone tells me the OS affects
> the security of the firewall, then I'd be interested in knowing *why* they
> believe that's true. No points given for "because it's NT". :-)
>
> [Kunz, Peter] Because if you build a firewall on a lousy OS, attacking
> the OS will make the firewall crumble, no matter how good the FW itself
> is. If a simple NT DoS attack brings down any NT box, what will keep it
> from bringing down the FW?
>
> Hypothetically, suppose there was a firewall that had code sitting right
> about the network drivers that grabbed the packets, processed them, and
> sent them back down to the network drivers. From a security perspective,
> would you be concerned about the OS or the firewall code?
>
> [Kunz, Peter] If it's coming from MS, yes, I would. MS has demonstrated
> that a) they can't code properly and b) don't really care about security.
> Luckily, b) has supposedly started to shift a little. Btw, isn't the
> solution you're referring to available in some CISCO routers already?
>
> [Kunz, Peter] And I welcome anyone to open the Open Source discussion :-)
>
> cu
> -pete
