I don't agree!

In my opinion, it is a misconception to consider that a firewall
is something that blocks malicious traffic.

A firewall should block bad traffic _and_ allow good one.
As in many situations and areas, before you take, you must give.
So, the wire cut is a really bad firewall.

So, in theory, perfect firewalls do exist. This means that there is hope
to see one someday, and also that this is a good thing to work on.

Unfortunately, the task is hard for many reasons:
[design constraints]
The design should be complete and must handle many threats and
many protocols.
[code constraints]
Coders and quality eng. should be skilled _and_ disciplined. Coders should
not only implement the designed product, but also avoid dangerous tricks,
be good programmers (so as to know that some ways of doing things are the
bad ones...)....

[investment]
Someone has to invest. This may be a group of individuals doing it for fun
or for other reasons, or a company doing it for the money. In the latter case,
the success of the project depends on the market. If customers do not
"collaborate", there is no hope. This explains part of what is happening today.
Customers have been calling for features and features, and requiring that these
be implemented as soon as possible. In the best case, the features in question
are reasonable for a FW, but were required by huge pressure, so that their
implementation is not reliable. In the worst case, the features have nothing to
do here, and are only an additional risk of vulnerability.

So, the hardest part of the puzzle is the market. Note that this also explains
why many good products are actually "free" ones: they do not directly suffer
the market pressure. Imagine if ipchains/ipfilter/... had been developed by a
company, what could have happened? Customer pressure requires a GUI to be
delivered tomorrow! Improving the core? What core? If it needs to be improved,
said the customer, I'll switch to another one!


cheers,
mouss




At 16:24 02/09/00 -0400, norman bottom wrote:
>OPTIONS (In order of likelihood)
>
>1) No people are left alive.
>
>2) All employees are dismissed.
>
>3) mjr's method is employed (Wire Cutter).
>
>4) "Newbies" must wear a sign to that effect.
>
>5) Human Factors are wedded with technology.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
