At 12:54 04/09/00 -0400, Michael H. Warfield wrote:
> I think you missed the point (I hope no one was standing behind you
>because they just got slaughtered by it going over your head).
oh, but that's why they laughed!
Thank for telling me, you so smart!
>The point is not what a "firewall" is.
oh really? in my logic, to define a "perfect thing", one starts with
the meaning of "thing". maybe your approach is different.
>We were discussing "The Perfect Firewall".
>Do you have a definition for "The Perfect Firewall"? My definition of
>"The Perfect Firewall" equates to a certain impossible engineering
>structure some of us called a "blivit".
My definition of a perfect firewall is obtained from that of a firewall by
adding the word "perfectly" to the verbs of the definition. so, that's a tool
that implements network access control in a perfect manner. will it exist?
some think yes, others think no. it's a question of "faith" :-)
>Doesn't mean I don't believe in or use firewalls. Just means that I
>do NOT trust ANY of them to be "perfect".
I'm sure that's what you've been told since a long time....
> If you set up a user database on a firewall, then you run a risk
>of compromise. Ideally, if you need something like this, you should set
>up a challenge/response system with another totally autonomous system
>with all of your account information. The firewall then never possesses
>your account information but can verify whether an account is valid or not.
So, let me use the same argumentation just a second. If I set up a
configuration file (after all, a database is a file with a fancy name :)) on
the firewall, then I run a risk of compromise. so, I should not have a
firewall config file. If I continue, I should not have anything on the FW,
since anything is a risk.
> Missing the point again... If you depend on faith, you will
>get screwed in the end. I don't have faith. I make sure.
You're a lucky guy.
> > > Better dig out that time machine while you're at it. I think we
> > >are going to need some future help as well. That firewall is going to
> > >have to have that "telepathy circuit" fully functional and tested.
>
> > My friend, you are taking it the bad way...
>
> I think you totally missed the point. Maybe I needed to add some
>more smilies in there.
if we keep on checking who's missed which point, we'll stay here for long.
so let's say that each of us missed the others points. ok?
> The point is that "The Perfect Firewall" is an oxymoron. The
>point is that a firewall depends on too many other things such as
>security policy, users, configurations, software, services, etc, etc,
>etc. There can be no such thing as "The Perfect Firewall" which is
>why several of us were making fun of the very idea. Perhaps you missed
>the humor in what we were saying, or perhaps you actually believe that
>such a thing could possibly exist.
so you finally got at it: I actually believe that a perfect FW exists (note
that I replaced "such").
> In the immortal words of Foghorn Leghorn (obnoxious rooster cartoon
>character) - "It's a joke, son, a joke!"
and in Alice:
"I don't see what you mean by your way", said the Queen, "all the ways
around are mine".
regards,
mouss