At 10:27 06/09/00 -0400, Marcus J. Ranum wrote:
>The perfect firewall is only useful if you have perfect
>applications behind it, and perfect users using them.
I cannot disagree!
>Back in the Early Days of firewalls, I used to believe
>they could be made sufficiently secure. That was back
>when firewalls only carried about 5 protocols: SMTP,
>telnet, FTP, NNTP, and DNS. Some of us understood FTP
>bouncing and blocked it, but even then we understood the
>threat of someone sending scripts to users, or downloading
>trojaned code. These days, the kind of plug-ins that come
>in your typical browser, combined with all the bizarro
>undocumented protocols used by new Internet apps, make it
>highly unlikely that a firewall is doing anything more
>complex than a thin layer of policy atop routing. As
>such, the apps behind the firewall are now more critical
>to security than the firewall itself. Which should scare
>the holey moley out of you.
That's true, but the situation is no different than in other domains.
If you see all those crashed planes, you would be tempted to
believe that planes are not secure. I however see things the other
way. They are at a high level of security, but accidents do happen.
Back to networked applications, if one sees all those wonderful
things that are possible now, and that these things have been
produced so rapidly, one can only stay astonished at those wonders,
and say, yes, there are accidents, but the whole building is more robust
than it could be. There are new bugs, for sure, but there are also new
fixes (see how sendmail has turned safer).
This is my point of view, nothing more. I'm not a fan of total security,
I have to agree (anyway, does total security exist?). When security
professionals regret that eng. do not take security into account when
designing their systems, I regret when security developers ignore
all but security in their products, as this makes their products unusable,
and quickly replaced with vulnerable software, and we get back to
that sordid starting point. But here I digress.
>See
>http://web.ranum.com/pubs/a1fwall/index.htm
>for details on the APDF firewall system, I designed a
>few ages ago. As far as I am concerned, it's the only
>firewall you can completely trust. Even the APDF can be
>mis-installed or mis-configured but it's pretty robust. ;)
Well, you can trust it to block attackers, but you can't trust it to deliver
the service, which makes it a very bad choice for security. As far as I
know, security isn't only about blocking "bad" guys, it is also about letting
legitimate users access legitimate resources (and we're then back to my
original message in this thread). Otherwise, DoS would be a feature, not a
security attack. Remember the DDoS that "trashed" yahoo and other sites for
some time. If these sites used the APDF, their situation would be worse, since
they would be "trashed" all the time.
(And I'm sure you agree with this, and only use the APDF for the robustness
side.)
kind regards,
mouss