NFR Wizards Archive: Re: firewalls and the incoming traffic pro

Re: firewalls and the incoming traffic problem


Aleph One (aleph1dfw.net)
Sun, 28 Sep 1997 15:44:43 -0500 (CDT)


On Sun, 28 Sep 1997, Marcus J. Ranum wrote:

> - Firewalls are good at providing access control
> on return traffic that is in response to a request
> that originated behind the firewall

I am not sure you can make this claim. The fact is that a firewall will
never be able to protect you from implementation errors. It does not
matter if the implementation is a client or server. Take for example
web browsers. The firewall may be configured to filter Java and Javascript
from incoming HTML, but what about that little known feature of Embedded
Browser 3.4 that came with your free copy of LameSuite 3.2 that lets
anyone do <MYOWNLAMESCRIPTINGLANGUAGE EXEC="c:\windows\format">? Or what
about users of some scriptable IRC client with the latest scripts with
backdoors?

  So yes you are correct that firewalls force you to split your security
between the firewalls and host security on all systems. But it is naive to
think it hasn't always been this way. Until someone starts to develop a
firewall based on some AI techniques they are no more than a static filter
for a dynamically changing environment.

> mjr.
> -----
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> <A HREF=http://www.clark.net/pub/mjr>Personal</A>
> <A HREF=http://www.nfr.net>Work</A>
> <A HREF=http://www.clark.net/pub/mjr/websec>New Book!!</A>
>

Aleph One / aleph1dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
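
The static-filter limitation discussed in the message above, as an added example that is not part of the original post: a denylist HTML filter removes the tags its author knew about and passes the message's hypothetical unknown tag, while a default-deny allowlist drops it. The tag sets, function names and sample page are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed policies, not taken from any real product.
DENYLIST = {"script", "applet", "object", "embed"}      # tags the filter author knew about
ALLOWLIST = {"html", "body", "h1", "p", "a", "b", "i"}  # tags the site is known to need
RAW_TEXT = {"script", "style"}                          # element bodies are code, not markup

class TagFilter(HTMLParser):
    """Re-emit HTML, keeping only the tags for which keep_tag(name) is true."""
    def __init__(self, keep_tag):
        super().__init__(convert_charrefs=True)
        self.keep_tag, self.out, self.dropped, self.in_raw = keep_tag, [], [], None

    def handle_starttag(self, tag, attrs):
        if not self.keep_tag(tag):
            self.dropped.append(tag)
            if tag in RAW_TEXT:
                self.in_raw = tag      # also swallow the element body
            return
        # Attributes pass through unchanged here; a real filter must vet them too.
        rendered = "".join(f' {k}="{html.escape(v or "", quote=True)}"' for k, v in attrs)
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag == self.in_raw:
            self.in_raw = None
        elif self.keep_tag(tag):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.in_raw is None:
            self.out.append(html.escape(data, quote=False))

def run_filter(page, keep_tag):
    """Return (filtered_html, list_of_dropped_tag_names)."""
    f = TagFilter(keep_tag)
    f.feed(page)
    f.close()
    return "".join(f.out), f.dropped

def denylist_filter(page):
    return run_filter(page, lambda t: t not in DENYLIST)

def allowlist_filter(page):
    return run_filter(page, lambda t: t in ALLOWLIST)

# Constructed sample page; the unknown tag is the hypothetical one from the message.
SAMPLE = ('<html><body><p>hello</p><script>alert(1)</script>'
          '<MYOWNLAMESCRIPTINGLANGUAGE EXEC="c:\\windows\\format"></body></html>')
```

Calling `denylist_filter(SAMPLE)` and `allowlist_filter(SAMPLE)` returns the filtered page together with the list of dropped tags, so the two policies can be compared on the same input.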



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT