I'm still convinced that the perfect firewall is one that does what we
want it to do, and not necessarily what we tell it to do. 

<g>

73


Rick wrote:
> 
> Dear Sir,
> 
> I believe that the perfect firewall could, and perhaps, does exist. The
> problem with almost everything in such cases, is the human aspect. Mistakes
> are made, and only one such mistake has to be made for a possible security
> problem to be spawned, a weakness in the armour. All that's needed then is an
> attacker to come along who figures out how to utilize it.
> I tend to think of it as "A firewall is only as good as the people
> implementing it"
> 
> Rick
> 
> [EMAIL PROTECTED]
> 
> ----- Original Message -----
> From: Michael H. Warfield <[EMAIL PROTECTED]>
> To: mouss <[EMAIL PROTECTED]>
> Cc: Michael H. Warfield <[EMAIL PROTECTED]>; Mikael Olsson
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, September 04, 2000 4:54 PM
> Subject: Re: The Perfect Firewall
> 
> > On Mon, Sep 04, 2000 at 06:22:18PM +0200, mouss wrote:
> > > At 11:43 04/09/00 -0400, Michael H. Warfield wrote:
> > > > > Ah, yes, a machine that knows how to emulate the exact state
> > > > > (timings, buffer locations, buffer sizes, amount of available RAM,
> > > > > all variables, et cetera) of every piece of hardware and software that
> > > > > it protects, without their original vulnerabilities, and also knows
> > > > > how to protect against said vulnerabilities, without fouling up in
> > > > > a single location or becoming vulnerable itself.
> >
> > > hey, we don't seem to have the same dictionary, no?
> > > if you think that a firewall is software mummy, who watches his soft
> > > children, then you're simply out of luck. nothing such that exists, and
> > > it probably will never. on the other hand, firewalls do exist, and that since
> > > a long time.
> >
> > I think you missed the point (I hope no one was standing behind you
> > because they just got slaughtered by it going over your head).  The point
> > is not what a "firewall" is.  We were discussing "The Perfect Firewall".
> > Do you have a definition for "The Perfect Firewall"?  My definition of
> > "The Perfect Firewall" equates to a certain impossible engineering
> > structure some of us called a "blivit".  Doesn't mean I don't believe
> > in or use firewalls.  Just means that I do NOT trust ANY of them to
> > be "perfect".
> >
> > [...]
> >
> > > are you kidding? If I set up a user database for the firewall, used to
> > > grant access through the firewall depending on their profile, a thing
> > > kept in the database, where is the risk. or are you gonna tell me that
> > > the fact the firewall accesses its config file is a risk, since he might
> > > modify it? Aren't you mixing it up?
> >
> > If you set up a user database on a firewall, then you run a risk
> > of compromise.  Ideally, if you need something like this, you should set
> > up a challenge/response system with another totally autonomous system
> > with all of your account information.  The firewall then never possesses
> > your account information but can verify whether an account is valid or not.
> >
> > > > > ri-i-i-i-ight.
> >
> > > if you don't have faith, none can give it to you. so I won't try...
> >
> > Missing the point again...  If you depend on faith, you will
> > get screwed in the end.  I don't have faith.  I make sure.
> >
> > > > > Now, which alien race do you propose would help us build it?
> >
> > > The alien people called: intelligent, skilled, positive, helpful...
> > > you may be one of them if you just throw away that cover :)
> >
> >
> > > >         Better dig out that time machine while you're at it.  I think we
> > > >are going to need some future help as well.  That firewall is going to
> > > >have to have that "telepathy circuit" fully functional and tested.
> >
> > > My friend, you are taking it the bad way...
> >
> > I think you totally missed the point.  Maybe I needed to add some
> > more smilies in there.
> >
> > The point is that "The Perfect Firewall" is an oxymoron.  The
> > point is that a firewall depends on too many other things such as
> > security policy, users, configurations, software, services, etc, etc,
> > etc.  There can be no such thing as "The Perfect Firewall" which is
> > why several of us were making fun of the very idea.  Perhaps you missed
> > the humor in what we were saying, or perhaps you actually believe that
> > such a thing could possibly exist.
> >
> > In the immortal words of Foghorn Leghorn (obnoxious rooster cartoon
> > character) - "It's a joke, son, a joke!"
> >
> > > cheers,
> >
> > > mouss
> >
> > Mike
> > --
> >  Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
> >   (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
> >   NIC whois:  MHW9      |  An optimist believes we live in the best of all
> >  PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
> 

-- 
=========================================================
 KB9BVN NORCAL 2792 FISTS 5695 QRP-L 1540 QRP-ARCI 10223
       39.558 N   86.095 W   Johnson Co., Indiana
   GRID: EM69WN - Ten Tec Scout - Attic Dipole - 5w
 Proud to be a member of the American Radio Relay League
   FISTS Century Club #764/#24 QRP - Flying PIG QRP #-57
=========================================================