Mikael,
#Hmmmm... The average programmer screws up one to three times per thousand
#lines of code... Wonder how many lines of code the above amounts to??
#All in the same machine?
At least the same goes for every other product too;-) I would like to
disagree with you and say the Sidewinder is perfect but I'll leave that to
the salespeople. I think that since their major focus is security
(hopefully) that they would make fewer security holes in their product than
a programmer whose major purpose is functionality or new gimmicks. The
Sidewinder uses Type Enforcement and that confines exploitable security
holes to a specific domain. Each process runs in a domain and anything
done by that process must conform to the access allowed to that domain. Of
course, if there is an error in the Type Enforcement code itself, then
you're in trouble. This is one of the reasons I believe that firewalls
should run on trusted operating systems. By trusted, I mean having
mandatory access controls implemented. The only commercial firewalls that
do this right now (that I know of) are the Sidewinder, SecureZone,
Cyberguard, and an HP firewall called Vault(?). Having Type Enforcement
allows me to run some services that are useful but may not be wise because
of exploits on the Sidewinder like DNS or Sendmail. If I still didn't like
the idea of running any services then I can just turn them off, anyways.
That's the best I could do for a return flame since I pretty much agree with
what you said.
Regards,
Jeffery Gieser
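
The confinement described in the message above, as an added illustration that is not part of the original post and is not Sidewinder's actual policy: a toy Type Enforcement check in which a process's domain, not its UID, decides access. All domain, type and path names are hypothetical.

```python
# Toy Type Enforcement model (constructed example; all names are hypothetical).
from dataclasses import dataclass

# Every object carries a type label.
FILE_TYPES = {
    "/var/spool/mqueue/msg1": "mail_spool_t",
    "/etc/named/zone.db": "dns_zone_t",
    "/etc/fw/rules": "fw_config_t",
    "/usr/sbin/sendmail": "mail_exec_t",
    "/bin/sh": "shell_exec_t",
}

# Access table: (domain, type) -> permitted modes. Anything absent is denied.
ACCESS = {
    ("mail_d", "mail_spool_t"): {"read", "write"},
    ("mail_d", "mail_exec_t"): {"execute"},
    ("dns_d", "dns_zone_t"): {"read"},
    ("admin_d", "fw_config_t"): {"read", "write"},
    ("admin_d", "shell_exec_t"): {"execute"},
}

# Domain transitions on exec: (current domain, entry-point type) -> new domain.
TRANSITIONS = {("init_d", "mail_exec_t"): "mail_d"}


@dataclass
class Process:
    name: str
    domain: str
    uid: int = 0  # root on purpose: the check below never consults it


def check(proc, path, mode):
    """Mandatory check: is `mode` allowed for this domain on the file's type?"""
    ftype = FILE_TYPES[path]
    return mode in ACCESS.get((proc.domain, ftype), set())


def exec_into(proc, path):
    """Return the process after exec, or None if the exec is denied."""
    ftype = FILE_TYPES[path]
    new_domain = TRANSITIONS.get((proc.domain, ftype))
    if new_domain is not None:
        return Process(path, new_domain, proc.uid)
    if check(proc, path, "execute"):
        return Process(path, proc.domain, proc.uid)
    return None
```

A mail daemon started from `init_d` lands in `mail_d`; even running as UID 0 it cannot read the firewall rules or start a shell, which is the containment the message relies on when running Sendmail or DNS on the firewall.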