Re: [fw-wiz] FW appliance comparison - Seeking input for the forum

From: ArkanoiD <ark@xxxxxxxxx>
Date: Wed, 25 Jan 2006 19:18:30 +0300

nuqneH,

Though i think people who buy Checkpoint stuff are somehow non-representative
(i think if one tried that with, say, Cyberguard, we'd see completely
different picture) the results are still scary. Damn scary. That means 80%
firewalls could be thrown off with no further harm to security.

On Wed, Jan 25, 2006 at 05:32:49PM +0200, Avishai Wool wrote:
> Paul didn't say where he got that tidbit from (and 87.3% of all statistics
> are made up anyway :-) but if you want some hard numbers to back up
> the spirit of his claim, you can check out:
>
> A. Wool. A quantitative study of firewall configuration errors.
> IEEE Computer, 37(6):62-67, 2004.
> http://www.eng.tau.ac.il/~yash/computer2004.pdf
>
> Cheers
> Avishai
> --
> Avishai Wool, Ph.D.,
> Chief Technical Officer, Algorithmic Security Inc.
> http://www.algosec.com
> **** Want to audit or debug your firewall's policy? ***
>
>
> [snip]
>
> > Here's a little tidbit that's about 4 years old now, but ponder it and ask
> > yourself if the IDS is where people *should* be spending their time:
> >
> > Approximately 74% of firewalls are either misconfigured or not configured
> > to block attacks they're capable of blocking in normal operation.
> >
> > Paul
> >
> -----------------------------------------------------------------------------
> > Paul D. Robertson "My statements in this message are personal
> opinions
> > paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
> > http://fora.compuwar.net Infosec discussion boards
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards@xxxxxxxxxxxxxxxxxx
> >
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@xxxxxxxxxxxxxxxxxx
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Follow-Ups:
- Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
  - From: Anton Chuvakin
- Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
  - From: Avishai Wool

References:
- Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
  - From: sai
- Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
  - From: Paul D. Robertson
- Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
  - From: Avishai Wool

Prev by Date: Re: [fw-wiz] RE: IDS (was: FW appliance comparison)
Next by Date: Re: [fw-wiz] RE: IDS (was: FW appliance comparison)
Previous by thread: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
Next by thread: Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
Index(es):
- Date
- Thread

Relevant Pages

Re: [fw-wiz] FW appliance comparison - Seeking input for the forum
... Paul didn't say where he got that tidbit from (and 87.3% of all statistics ... A quantitative study of firewall configuration errors. ... Avishai Wool, Ph.D., ...
(Firewall-Wizards)
Re: Is Pauls work on Revolver the apex?
... that's an interesting tidbit that I hadn't heard before. ... Paul is particularly attached to his left-handed Hofner. ... Hand" was produced by George and Paul together." ... Recently George cut short a holiday to help Paul come up with ...
(rec.music.beatles)
Re: Pinball Newspaper article
... I met Paul and Ann at the recent Chicagoland Jukebox show earlier this ... Interesting tidbit about how he helped a one armed boy enjoy the ...
(rec.games.pinball)
Re: Pinball Newspaper article
... I met Paul and Ann at the recent Chicagoland Jukebox show earlier this ... Interesting tidbit about how he helped a one armed boy enjoy the ...
(rec.games.pinball)