On Mon, Sep 04, 2000 at 06:22:18PM +0200, mouss wrote:
> At 11:43 04/09/00 -0400, Michael H. Warfield wrote:
> > > Ah, yes, a machine that knows how to emulate the exact state
> > > (timings, buffer locations, buffer sizes, amount of available RAM,
> > > all variables, et cetera) of every piece of hardware and software that
> > > it protects, without their original vulnerabilities, and also knows
> > > how to protect against said vulnerabilities, without fouling up in
> > > a single location or becoming vulnerable itself.
> hey, we don't seem to have the same dictionary, no?
> if you think that a firewall is software mummy, who watches his soft
> children, then you're simply out of luck. nothing such that exists, and
> it probably will never. on the other hand, firewalls do exist, and that since
> a long time.
I think you missed the point (I hope no one was standing behind you
because they just got slaughtered by it going over your head). The point
is not what a "firewall" is. We were discussing "The Perfect Firewall".
Do you have a definition for "The Perfect Firewall"? My definition of
"The Perfect Firewall" equates to a certain impossible engineering
structure some of us called a "blivit". Doesn't mean I don't believe
in or use firewalls. Just means that I do NOT trust ANY of them to
be "perfect".
[...]
> are you kidding? If I set up a user database for the firewall, used to
> grant access through the firewall depending on their profile, a thing
> kept in the database, where is the risk. or are you gonna tell me that
> the fact the firewall accesses its config file is a risk, since he might
> modify it? Aren't you mixing it up?
If you set up a user database on a firewall, then you run a risk
of compromise. Ideally, if you need something like this, you should set
up a challenge/response system with another totally autonomous system
with all of your account information. The firewall then never possesses
your account information but can verify whether an account is valid or not.
> > > ri-i-i-i-ight.
> if you don't have faith, none can give it to you. so I won't try...
Missing the point again... If you depend on faith, you will
get screwed in the end. I don't have faith. I make sure.
> > > Now, which alien race do you propose would help us build it?
> The alien people called: intelligent, skilled, positive, helpful...
> you may be one of them if you just throw away that cover :)
> > Better dig out that time machine while you're at it. I think we
> >are going to need some future help as well. That firewall is going to
> >have to have that "telepathy circuit" fully functional and tested.
> My friend, you are taking it the bad way...
I think you totally missed the point. Maybe I needed to add some
more smilies in there.
The point is that "The Perfect Firewall" is an oxymoron. The
point is that a firewall depends on too many other things such as
security policy, users, configurations, software, services, etc, etc,
etc. There can be no such thing as "The Perfect Firewall" which is
why several of us were making fun of the very idea. Perhaps you missed
the humor in what we were saying, or perhaps you actually believe that
such a thing could possibly exist.
In the immortal words of Foghorn Leghorn (obnoxious rooster cartoon
character) - "It's a joke, son, a joke!"
> cheers,
> mouss
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
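
An added example, not part of the original message: a minimal sketch of the challenge/response arrangement described in the reply above, where the firewall only relays messages and a separate authentication host is the sole holder of account secrets. The use of HMAC-SHA256 and the names `AuthServer`, `Firewall` and `client_response` are assumptions for illustration; the message names no specific scheme.

```python
import hashlib
import hmac
import secrets


def client_response(secret: bytes, challenge: bytes) -> bytes:
    """User side: prove knowledge of the secret without sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class AuthServer:
    """Autonomous system that is the only holder of account secrets."""

    def __init__(self, accounts: dict[str, bytes]):
        self._accounts = accounts
        self._pending: dict[str, bytes] = {}  # user -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        # Unknown users get a nonce too, so this step does not reveal accounts.
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # single use: blocks replay
        secret = self._accounts.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Firewall:
    """Relays challenge and response; stores no account data at all."""

    def __init__(self, auth: AuthServer):
        self._auth = auth

    def get_challenge(self, user: str) -> bytes:
        return self._auth.challenge(user)

    def allow(self, user: str, response: bytes) -> bool:
        return self._auth.verify(user, response)  # only a yes/no comes back


if __name__ == "__main__":
    fw = Firewall(AuthServer({"alice": b"constructed-demo-secret"}))  # constructed
    nonce = fw.get_challenge("alice")
    print(fw.allow("alice", client_response(b"constructed-demo-secret", nonce)))
```

In this sketch a compromise of the firewall process exposes only nonces and responses in transit, not the secrets held on the authentication host.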