[EMAIL PROTECTED] wrote:
>
> Actually, it was not really a remot compromise but an oversight in QA,
> where such that when the pieces were integrated, the Gauntlet firewall was
> then vulnerable.
Blah. It was delivered r00table out-of-the-box. This makes the finished
product vulnerable. Period. Now, if this had been end users installing
stuff on the firewall, it had been another matter, but it wasn't.
To me, this just proves again that you shouldn't load one single
machine up with a bazillion of services. Separate machines is
the way to go.
To steer this in another direction and reconnect to my "Basic firewall
design concepts" post from two weeks ago (Hi, Jefferey! :)), I'd like
to talk a bit about sidewinder again. Well, actually, more about the
concept of "trusted OSes" than sidewinder, but since that firewall is
a representative of said category, here goes...
Now, the tOS idea is to compartmentalize the operating environment so
that a compromised FTP proxy process won't gain control over the
firewall kernel or other processes. Fine. Assume that this works.
Being a C and assembler coder, I don't believe it really does, but
that's another story. Let's just for the sake of argument assume
that it actually works.
Now, assume that said FTP proxy process is compromised and completely
under the control of an external user. What, pray tell, keeps this
FTP proxy from connecting to pretty much any port on any host
behind the firewall?
Hmm?
Food for thought, I say...
Regards,
Mikael Olsson
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
