Mikael Olsson wrote:

>
> Yeah, but people shouldn't just assume that.

Agreed.  I was just commenting on what Joe Public tends to do.  It feels
like pop culture has infected network security.  Instead of making sure the
person choosing a firewall and administering it is qualified, people with
absolutely no business deciding what is or is not a "secure" firewall are
making these decisions based on marketing hype and useless evaluations.

> Firewalls tend to block plain TCP connections to port X if
> you tell them to do it. The problems start cropping up when the
> attacker isn't quite that cooperative. Things that should be
> part of firewall evals, but aren't to my knowledge, are:
>

<snip>
The major problem here, I think, lies not in a firewall's ability to stop
that which you tell it to (I think there is little doubt that if you tell a
firewall to deny absolutely everything, it will do so...  Of course, I could
get into Checkpoint's hidden Implied Pseudo-Rules and thus the need to know
how to use the product you are working with), but when you allow SMTP to
pass through your firewall, how sure are you that this is the only thing the
firewall is going to let through?

Firewall vendors claim different methods of doing this, from stateful
inspection to stateful packet filtering to ALGs.  The point is, do these
things work properly, *out-of-the-box* without having to bring in an expert
to make it work the way it can?

"Is <insert your favorite firewall here> secure?"  "Yes.  It does <feature>,
<feature>, <feature> in all of our tests and has proven to be secure."

So what?  Do I have to hack the default install to make it that secure?
Perhaps there should be (and forgive this term) a common evaluation criteria
that is based on out-of-the-box installs.  This would give people a common
set of standards to compare products to so they know what they are getting
into.

(I too will now step down)

-Ryan


>
> --
> Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
> Phone: +46-(0)660-29 92 00         Fax: +46-(0)660-122 50
> Mobile: +46-(0)70-66 77 636
> WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]