Ben,

Actually, I have been watching the Gore Contest on CSPAN and picking up a little
legalese. ;-) You are on point as usual, Mr. Nagy.

In the perfect world it would be nice if at least a portion of our product's core could
be "externalized". Others in the industry have been able to use that capability to
allow third-party developers the opportunity to add functionality. But that
functionality comes with a price. And given the high standards of my organization I'm
not sure as many developers would measure up.

I do agree with you. Security by obscurity is not how we want to come to market with
the PIX. Purpose built, high performance with good resiliency and application support
is a much better position.

And please remember the season. It is Christmas and those marketing folks are people
too. Be kind and go out to dinner with them and make them feel good around the
holidays. Spread some cheer (on their Amex)!

Best Regards,
Brian

At 01:00 PM 12/4/2000 +1030, Ben Nagy wrote:
>White man speak with forked tongue.
>
>The virtue of the "dedicated OS" on the PIX is that it's small and was
>purpose built to do firewalling stuff. Not that it's closed source. That bit
>sucks.
>
>It's long been acknowledged that security through obscurity is bunk. Script
>kiddies don't write their own code. Period. Clueful people can run a
>disassembler - some would probably even find that more interesting than just
>trudging through source.
>
>More to the point, most vulnerabilities now (and certainly the last couple
>of big PIX ones) aren't found by people examining the code - they're found
>by vuln-dev theorists who think about code behaviour at a meta-level or by
>people just "screwing around" with unexpected inputs.
>
>(Sorry to be so blunt with this one, Brian - you hit a sore spot. Have you
>been in close contact with any marketers or salespeople lately? If so I
>think there are post-exposure vaccines you can get...;)
>
>Cheers,
>
>--
>Ben Nagy
>Marconi Services
>Network Integration Specialist
>Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
>
> > -----Original Message-----
> > From: Brian Ford [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, 4 December 2000 11:40
> > To: [EMAIL PROTECTED]
> > Subject: Re: Hardware Firewalls
> >
> >
> >
> > Thanks for the humor Kriss.
> >
> > I think the point that Kriss has missed is the integrity of
> > the operating system that is running on the "standard ole'
> > Intel machine". Purpose built firewall appliances, like the
> > Cisco PIX, run a proprietary operating system.
>
>[...which provides security through obscurity. And, after all, you should
>always trust someone else to review the code that's affecting your
>organisational risk management decisions.]
Brian Ford
[EMAIL PROTECTED]