Hi Jeffrey,
Of course I have been exaggerating a bit (with the salad bowl thing, not
with the thing about the multiple lines of defense). But the thing is
that Dug Song and friends have not tried to make Swiss cheese of PIX,
Gauntlet or any other firewall - just because you find FireWall-1 almost
everywhere and it therefore makes an interesting target.
What makes you so sure that PIX and Gauntlet will resist such determined
attacks better than FireWall-1? I do not think that Check Point's
engineers are any worse than the engineers at any other company. In
fact, when the FTP PASV thing came up, PIX was actually more vulnerable
than FireWall-1.
All I am saying is that we do not have any proof that there aren't a lot of
equally serious holes in any other firewall. I could very well imagine
that we will see another vendor's firewall being "statefully inspected"
at next year's Black Hat Briefings. :-)
Well, in my opinion, it always boils down to the same thing. Use more
than one line of defense.
Cheers
-Thomas
--
Thomas Lopatic, TUeV data protect GmbH, [EMAIL PROTECTED]