Re: [fw-wiz] How automate firewall tests

The problem here is that while firewall X might have all sorts of bells
and whistles, it also might be more vulnerable then firewall Y which has
only basic features because there's more of a chance that a chunk of code
has a flaw or loophole in it, allowing someone to compromise it. This is
compounded by the fact that firewalls are (in most cases) configured by a
human being, allowing even more opportunity for security breaches. You
might get a good comparison of feature vs. feature or 'general security'
as of a certain date, but it still wouldn't give you a very clear picture
of just how secure one firewall is versus another.

We really need some sort of tool or report that looks at how firewalls
handle and analyze data, adherence to protocol standards, history of
vulnerability (maybe across previous models by that manufacturer?), and
how easy/likely it is for an end-user to misconfigure a device, leaving it
wide open. Lots of small businesses, schools, etc have administrators that
aren't always security or firewall experts, and just are trying to get
things functional. So, shouldn't this factor be a part of what a firewall
needs to address to keep its network(s) secured?

I know the list could go on forever, but those are some bits of
information that I wish were more accessible to people when they're
looking at making a new firewall purchase.


Stefan Dorn


firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx wrote on 08-17-2006
05:10:37 PM:

Marcus and Strabla, hope all is well! After considering Marcus's
points, I wondered if perhaps getting a decent baseline standard between
the
various vendors might be a useful metric. By using the exact same
applications, or traffic against the different commercially available
firewalls the potential purchaser of such a device may be better
informed
when spending their money.
As was stated by Marcus, measuring security is like trying to hold a
drink of water in your hand. You might be able to do it, but someone
else is
always going to argue that you did not.
I know that I am wowed when I read vendor A's appliance can do blah,
blah blah, and vendor B's can do that and a whole lot more, but I have
never
seen a side by side comparison of the various devices one could choose
from.
Slick advertising gets me all the time.
I realize this is getting off the automated topic, but something
like this could help others make a better buying decision. Kind of like
a
Road and Track comparison of a Porsche roadster against a BMW against an
American version (I can not think of any American made roadsters).
Strabla, I may be close the same age as Marcus, but his experience
is magnitudes beyond mine. He researches and designs the stuff; I just
hide
corporate assets behind them, or try to anyway.
Best of luck with your research and hope that I may have provided
some food for thought for the lurkers.
Most sincerely, Richard Golodner
Rockville, Maryland


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

PRIVACY NOTICE: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain business confidential and
privileged information. Any unauthorized review, use, disclosure or distribution is
prohibited. If this e-mail was not intended for you, please notify the sender by reply
e-mail that you received this in error. Destroy all copies of the original message and
attachments.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • [NT] Vulnerability in TCP/IP Could Allow Remote Code Execution (MS06-032)
    ... Get your security news from a reliable source. ... Vulnerability in TCP/IP Could Allow Remote Code Execution ... Firewall best practices and standard default firewall configurations ... connected to the Internet have a minimal number of ports exposed. ...
    (Securiteam)
  • [NT] Vulnerability in Workstation Service Allows Code Execution (MS06-070)
    ... Get your security news from a reliable source. ... A remote code execution vulnerability exists in the Workstation service ... Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft ... Firewall best practices and standard default firewall configurations ...
    (Securiteam)
  • [NT] Vulnerability in Server Service Allows Remote Code Execution (MS06-040)
    ... Get your security news from a reliable source. ... Vulnerability in Server Service Allows Remote Code Execution ... Firewall best practices and standard default firewall configurations ... Internet to help prevent attacks that may use other ports. ...
    (Securiteam)
  • [REVS] Bypassing Client Application Protection Techniques
    ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ...
    (Securiteam)
  • Re: Recycler security issues on IIS server
    ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
    (microsoft.public.inetserver.iis.security)
Loading