Re: [Dailydave] This just in: Firewalls are obsolete

rdumpriver.com
Date: Tue Jul 12 2005 - 12:20:18 CDT


At 00:59 +0200 on 2005-07-12, Florian Weimer wrote:
> For complex protocols, you need one implementation which gets it
> right, not two or more which come close, but not close enough.

Better, you need one proxy implementation (which gets it right) of the
protocol subset which you wish to allow through your perimeter.

This just moves the complexity into HTTP sanitization, however. Is that
still a net win, given the new location (proxy) for implementation bugs?

Perhaps the single point of control, and reduction in protocol complexity,
still helps if you have clients that are, for all practical purposes,
unrepairable.

Richard
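The "protocol subset" proxy discussed in this message, sketched as an added example that is not part of the original post: a strict parser for an HTTP/1.1 request head that rejects anything outside a small allowlist and forwards only what it rebuilds from parsed fields. The function name, the method and header allowlists, and the size limit are assumptions chosen for illustration.

```python
import re

ALLOWED_METHODS = {"GET", "HEAD"}  # assumed subset: no request bodies at all
ALLOWED_HEADERS = {"host", "user-agent", "accept", "accept-language"}
TOKEN = re.compile(r"[A-Za-z0-9!#$%&'*+.^_`|~-]+\Z")  # header field name
TARGET = re.compile(r"/[A-Za-z0-9._~/%?&=-]*\Z")      # origin-form only
VALUE = re.compile(r"[\x20-\x7e]*\Z")                 # printable ASCII only


class Rejected(Exception):
    """The request falls outside the allowed protocol subset."""


def sanitize_request(raw: bytes, max_len: int = 4096) -> bytes:
    """Parse a request head strictly and rebuild it from the parsed fields."""
    if len(raw) > max_len or not raw.endswith(b"\r\n\r\n"):
        raise Rejected("oversized or unterminated request head")
    try:
        lines = raw[:-4].decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise Rejected("non-ASCII byte in request head") from None
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise Rejected("malformed request line")
    method, target, version = parts
    if method not in ALLOWED_METHODS or version != "HTTP/1.1":
        raise Rejected("method or version outside subset")
    if not TARGET.match(target):
        raise Rejected("request target outside subset")
    headers = {}
    for line in lines[1:]:
        # Folded lines, bare LF, empty lines (a body) and unknown names fail here.
        name, sep, value = line.partition(":")
        key = name.lower()
        if not sep or not TOKEN.match(name) or key not in ALLOWED_HEADERS:
            raise Rejected(f"header not allowed: {name!r}")
        value = value.strip(" \t")
        if key in headers or not VALUE.match(value):
            raise Rejected(f"duplicate or malformed header: {name!r}")
        headers[key] = value
    if "host" not in headers:
        raise Rejected("missing Host header")
    # Forward a canonical re-serialization, never the client's original bytes.
    head = [f"{method} {target} HTTP/1.1"]
    head += [f"{k.title()}: {v}" for k, v in headers.items()]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii")
```

Rejecting instead of repairing keeps the sanitizer small, which bears on the question raised above: every construct the proxy tries to fix up is one more place for a proxy bug.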