Re: [fw-wiz] SANS Top Ten and Commercial Firewalls
From: Ryan M. Ferris (rferris@rmfdevelopment.com)
Date: 10/03/02
- Next message: Gary Flynn: "Re: [fw-wiz] SANS Top Ten and Commercial Firewalls"
- Previous message: Jim MacLeod: "Re: [fw-wiz] stealth ports and IDS"
- In reply to: m p: "Re: [fw-wiz] SANS Top Ten and Commercial Firewalls"
- Next in thread: Kevin Steves: "Re: [fw-wiz] SANS Top Ten and Commercial Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ryan M. Ferris" <rferris@rmfdevelopment.com> To: "m p" <sumirati@yahoo.de>, "Anton A. Chuvakin" <anton@chuvakin.org> Date: Thu Oct 3 18:24:01 2002
An interesting variant on this is the DARPA sponsered Linux compiler that
compiles software (including Linux) without some of the known security
loopholes found in ordinary C compilers:
www.immunix.org
This is probably no substitute for careful validation and verification of
the code with respect to security guidelines (i.e. NIST common criteria,
etc.), however it is another good tool to prevent the deployment of insecure
code.
Without extensive black box testing, I don't know how you would do this on
software for which you don't have the source.
Ryan M. Ferris
rferris@rmfdevelopment.com
----- Original Message -----
From: "m p" <sumirati@yahoo.de>
To: "Anton A. Chuvakin" <anton@chuvakin.org>
Cc: <firewall-wizards@honor.icsalabs.com>
Sent: Thursday, October 03, 2002 10:42 AM
Subject: Re: [fw-wiz] SANS Top Ten and Commercial Firewalls
> --- "Anton A. Chuvakin" <anton@chuvakin.org> schrieb: > Devdas and all,
> >
> > Just out of curiousity.
> >
> > >proftpd, vsftpd, pureftpd
> > >...
> > >Postfix/Qmail
> > >...
> >
> > Is there any evidence that helps decide whether its more secure because
> > its written better or because its used less?
> >
>
> Hi Anton,
>
> there are programs out there which were written with security in mind. As
there
> are postfix, qmail, djbdns, daemontools, tcpwrappers, ....
>
> Those are believed to be secure (and checked/reviewed) by many people.
>
> The argument "because it is used less" should be carefully mentioned. Now
> Netware is seldom used - but as showed on the blackhat conference in Vegas
this
> year there are many ways to gain more access than what you were granted
...
>
> Marc
>
>
>
>
> __________________________________________________________________
>
> Gesendet von Yahoo! Mail - http://mail.yahoo.de
> Möchten Sie mit einem Gruß antworten? http://grusskarten.yahoo.de
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
- Next message: Gary Flynn: "Re: [fw-wiz] SANS Top Ten and Commercial Firewalls"
- Previous message: Jim MacLeod: "Re: [fw-wiz] stealth ports and IDS"
- In reply to: m p: "Re: [fw-wiz] SANS Top Ten and Commercial Firewalls"
- Next in thread: Kevin Steves: "Re: [fw-wiz] SANS Top Ten and Commercial Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
