Bernd Eckenfels <[EMAIL PROTECTED]> writes:
>I can imagine it has to do with trade secrets in application level
>proxies... anybody knows more?
Actually, from everything I've been able to determine, the
newer versions of Gauntlet for NT took _out_ some of the
functionality of the proxies. The majority of them now are
just automated pass-throughs. Security-wise it's on par with
a Checkpoint firewall or a well-configured router.
I think there are three reasons why they pulled the source:
1) Investment bankers and Wall St types are terrified when
they see a company expose its intellectual property like
that.
2) There are/were lots of buffer overflows in some of the
proxies. I believe that a large-ish number have been fixed
but exposing your code makes it much easier for an attacker
to identify the flaws. This observation is not intended to
provoke an open source/closed source debate, but it's a
fact that having source makes it much easier for the
attacker. Set against that is the potential that someone may
send you a patch for the hole. My experience in the last
5 years indicates that hackers are more likely to exploit
source analysis than good guys are to submit patches so
it's a sensible move to conceal source from that perspective.
3) The proxies don't actually _do_ much security. I think there
may have been some concern that people would re-assess the
value of proxies based on awareness of what they actually
do inside. I know I have (but for other reasons).
I think that another possibility was that some sites would be
willing to pay handsomely for source code access.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr