Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?

From: Carson Gaspar (carson_at_taltos.org)
Date: 06/02/05

  • Next message: Siju George: "Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 02 Jun 2005 04:26:57 -0400
    
    

    --On Tuesday, May 31, 2005 6:42 PM -0400 Chris Blask <chris@blask.org>
    wrote:

    > The data and operational ability is there to give visibility into network
    > activity - it's just a Very Large Numbers problem (but so are Large
    > Primes, and we just keep building bigger gear to handle it). Products
    > exist to do this today, just not many people are using them yet.
    >
    > That sort of capability doesn't solve all the world's problems, but it
    > makes a lot of things clearer.

    No argument here - I'm all for obsessive log retention and analysis. I just
    wanted to raise the issue of email attachment attack vectors being stupidly
    easy to prevent in the general case. There are some nasty corner cases
    (having to do with MIME ambiguity and encoding bogosity), but they're
    solvable.

    -- 
    Carson
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Siju George: "Re: [fw-wiz] Is NAT in OpenBSD PF UPnP enabled or Non UPnP?"