-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Plus a good firewall should not exhibit characteristics to the outside
world that would match, for example, NFR signatures or tell you its
brand etc. in reply to a probe.
- -
James D. Wilson
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
- -----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Brian Steele
Sent: Tuesday, January 12, 1999 3:18 PM
To: [EMAIL PROTECTED]
Subject: Re: OS Platform for firewall (...the answer is..)
>I must say that I agree with the idea of not implementing your firewall on
>the same OS you are looking to protect. We are an NT shop but our dual
>firewall structure is based on separate firewall products and separate OSs.

The assumption here is that the box running the firewall software appears
the same to the hacker as a box not running the firewall software, assuming
that you're using the same OS on both boxes. I think that assumption may
not be quite correct.

I lean more towards keeping the same OS on both boxes to minimize the system
management requirements, but keeping the firewall in a separate "security
space". In the case of NT, this means keeping it in a separate domain with
a one-way trust relationship, or running it as a standalone server.

Brian Steele
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
Comment: Spammers are NetAbusers - Jail Them With The Other Criminals
iQA/AwUBNpy9lDAufbtGOmgdEQInFwCdECbdtNKwEaVwY6dFcjmryb7otgQAmgIP
17db5t8gCJb1+yZbUrUyTZ4y
=wE50
-----END PGP SIGNATURE-----