Mike,

***
This strikes me as an overreaction - what exactly should they be doing?
Unless they perform a checksum on every application every time it connects
to the 'Net, this sort of a problem will likely exist.
***

Your statement above about performing a checksum is certainly an avenue
which needs to be considered.  Although some processing time would be
required at the initiation of each application accessing the network, the
option of being able to do this would be quite valuable (and necessary) to
some people.  The option could be disabled on slower machines if someone
is willing to assume this greater risk.

just my 2 cents...

Chris Hastings
Manager, Network Security
Network Computing Services
Vanderbilt University Medical Center
[EMAIL PROTECTED]


                                                                                       
                                                              
Michael.Owen@net-tel.co.uk
12/13/2000 09:59 AM
Sent by:  firewalls-owner@Lists.GNAC.NET
To:       [EMAIL PROTECTED]
cc:
Subject:  RE: [firewalls] Digest Number 388


> Likewise, it doesn't take a rocket scientist to realize that the name of
> the file can be changed.  So having to have these fundamental flaws in
> architecture pointed out to them before they begin to concern themselves
> with addressing them severely damages their credibility at a very
> fundamental level for me.

This strikes me as an overreaction - what exactly should they be doing?
Unless they perform a checksum on every application every time it connects
to the 'Net, this sort of a problem will likely exist. I would say that
checking port numbers and executable names is pretty good - a standard
packet filter makes its decisions based strictly on ports.

Tools like personal firewalls are not a cure-all. While I think the current
hype is largely that - hype, it's good that people are being told that a
personal firewall isn't an excuse to ignore all other aspects of security.
A personal firewall, an up-to-date virus scanner, and the sense to only
execute things you trust will serve you quite well.

In a corporate environment, users who don't understand this need to be
educated, and users who deliberately ignore these rules should have their
'Net access curtailed.

Mike

----
Michael Owen
IT Security Engineer
NET-TEL Computer Systems Ltd
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
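
Added example (not part of the original messages and not any firewall product's code): a sketch of the trade-off discussed in this thread, comparing a per-application rule keyed on the executable's file name with one keyed on a checksum of its contents, with a stat-keyed cache to limit the processing time at connection start. The AppRules class, its methods and the file names are hypothetical.

```python
import hashlib, os, shutil, tempfile

def sha256_of(path):
    """Stream the file so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class AppRules:
    """Hypothetical per-application outbound rules (an assumption, not a product API)."""
    def __init__(self):
        self.names = set()     # weak rule: trusted executable file names
        self.digests = set()   # strong rule: trusted SHA-256 digests
        self._cache = {}       # path -> ((mtime_ns, size), digest)

    def trust(self, path):
        self.names.add(os.path.basename(path).lower())
        self.digests.add(sha256_of(path))

    def allow_by_name(self, path):
        return os.path.basename(path).lower() in self.names

    def allow_by_digest(self, path):
        # Re-hash only when size or mtime changed. This is the speed versus
        # assurance trade-off: a stat-keyed cache trusts file metadata.
        st = os.stat(path)
        key = (st.st_mtime_ns, st.st_size)
        hit = self._cache.get(path)
        if hit is None or hit[0] != key:
            hit = (key, sha256_of(path))
            self._cache[path] = hit
        return hit[1] in self.digests

def demo():
    """Constructed files: a trusted program and a different one reusing its name."""
    root = tempfile.mkdtemp()
    try:
        trusted = os.path.join(root, "browser.exe")
        other = os.path.join(root, "elsewhere", "browser.exe")
        os.mkdir(os.path.dirname(other))
        with open(trusted, "wb") as f:
            f.write(b"constructed trusted program bytes")
        with open(other, "wb") as f:
            f.write(b"constructed different program bytes!")
        rules = AppRules()
        rules.trust(trusted)
        # (allowed by name, allowed by digest) for each file
        return [(rules.allow_by_name(p), rules.allow_by_digest(p))
                for p in (trusted, other)]
    finally:
        shutil.rmtree(root)
```

demo() returns one pair per file: the name rule accepts both files, while the digest rule accepts only the one that was trusted.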



