>
> > Finally, if the event shows that FW1 is vulnerable, then my recommendation
> > is to switch to another product, such as the Gauntlet (I don't work for NAI,
> > it simply happens that I know this one better than others).
>
> I can't agree completely here. Recommending one firewall without knowing
> the requirements is not only an uninformed answer, it's a lazy one. Each
> firewall has its strengths and weaknesses. And, I can think of one or two
> ways to DoS each of them.. Keep in mind, they're software and software
> isn't perfect (neither is hardware).. Security is, IMHO, about mitigating
> risk. By having the layers of security I listed above, one decreases the
> risk of a single vulnerability so your enterprise's security isn't all
> hinged on the quality of one product, in this case, the firewall.

Ahh, but Gauntlet was hit a few months back with a remote compromise, was
it not? So the words of Doug Song et al. about most firewall products
being vulnerable to similar exploits seem to ring more true perhaps...

Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.