At 11:43 04/09/00 -0400, Michael H. Warfield wrote:
> > Ah, yes, a machine that knows how to emulate the exact state
> > (timings, buffer locations, buffer sizes, amount of available RAM,
> > all variables, et cetera) of every piece of hardware and software that
> > it protects , without their original vulnerabilities, and also knows
> > how to protect against said vulnerabilities, without fouling up in
> > a single location or becoming vulnerable itself.
hey, we don't seem to have the same dictionary, no?
if you think that a firewall is software mummy, who watches his soft
children, then you're simply out of luck. nothing such that exists, and
it probably will never. on the other hand, firewalls do exist, and that since
a long time.
A firewall's mission is to implement control, not bug fixes. although we've
seen
frewall vendors trying to cope with buggy software, they simpy provided access
control methods to do that, and this is not a fix, it is a way to help
waiting for the
fix.
> Oh yeah... And don't forget, knows what systems they are running
>on without being configured and knows all the user accounts and what they
>are allowed to access, without having access to the user databases (that
>would be a security risk having that information on the firewall, right?).
are you kidding? If I set up a user database for the firewall, used to
grant access
through the firewall depending on their profile, a thing kept in the
database, where is
the risk. or are you gonna tell me that the fact the firewall accesses its
config file
is a risk, since he might modify it? Aren't you mixing it up?
> > ri-i-i-i-ight.
if you dont' have faith, none can give it to you. so I won't try...
> > Now, which alien race do you propose would help us build it?
The alien peple called: intelligent, skilled, positive, helpful...
you may be one of them if you just throw away that cover :)
> Better dig out that time machine while your at it. I think we
>are going to need some future help as well. That firewall is going to
>have to have that "telepathy circuit" fully functional and tested.
My friend, you are taking it the bad way...
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
