Re: Proxy 2.0 secure?
David Newman (dnewman@cmp.com)
Thu, 2 Jul 1998 23:43:39 -0400
- Next message: ICMan: "Stateful Packet Filter (SPF) vs Application Layer Gateway (ALG)"
- Previous message: ICMan: "RE: Proxy 2.0 secure? (IDS)"
Glass houses, Mr. Ptacek. You're ascribing conclusions to the article that
just aren't there. The text cautioned *against* concluding that devices
were secure simply because they didn't barf when we hit them with a finite
number of attacks. I have no desire to get into a pissing match with you
about this, but you're making up conclusions we were careful to avoid, and
we even cautioned our audience against reading too much into our findings.
You need to be more careful with *your* wording.
I noted earlier in this thread that this isn't an issue of ISS's tools or
yours (or ours, for that matter; NSTL, which conducts most of Data Comm's
security testing, has its own attack tools as well). As I said earlier, it
doesn't really matter whose tool we use to generate ping of death, land,
teardrop2, boink, and the like; the target machines fail the same way.
dn
tqbf@pobox.com on 07/02/98 09:17:24 PM
Please respond to tqbf@pobox.com
To: David Newman/NYC/CMPNotes
cc: tqbf@pobox.com, firewall-wizards@nfr.net
Subject: Re: Proxy 2.0 secure?
> I'm sorry you're attacking me, for we are actually in violent agreement
It is not my intention to attack you; I simply have problems with the
manner in which conclusions appear to have been reached in an article you
wrote.
> you that running a finite, known set of attacks against a properly
> configured device does *not* mean a device is secure.
You should be more careful with your wording. Running a finite number of
exploits or attack signature generators against a device does not mean
that a device is secure, in general or from the underlying vulnerabilities
exploited/assessed by your attack tools.
> Also, a clarification: ISS Safesuite has multiple modules, including one
> that is intended for use against *firewalls,* not end-systems. It was this
NetSonar and CyberCop Scanner also have firewall testing modules (CCS
focusses on firewalls and routers) --- but I wouldn't rely on metrics from
either product to make conclusions about the security of a firewall
product. Apparently you agree, and I'm misunderstanding you, but I would
like to clarify the fact that this isn't an ISS vs. NAI issue (I think ISS
would agree with my logic here).
-----------------------------------------------------------------------------
Thomas H. Ptacek SNI Labs, Network Associates, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:31 CDT