Re: [Full-Disclosure] Sidewinder G2
From: Shawn McMahon (smcmahon_at_eiv.com)
Date: 11/20/03
- Previous message: Alan Kloster: "[Full-Disclosure] Download.trojan appdl[1].exe"
- In reply to: Schmehl, Paul L: "RE: [Full-Disclosure] Sidewinder G2"
- Next in thread: Michael Gale: "Re: [Full-Disclosure] Sidewinder G2"
- Reply: Michael Gale: "Re: [Full-Disclosure] Sidewinder G2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Thu, 20 Nov 2003 12:10:27 -0500
Schmehl, Paul L wrote:
>
> Maybe your network policy states that, but I would prefer for single
> point of failure devices to fail open, rather than closed. For us,
> network availability is a higher priority than protection is. If the
> firewall fails, I don't want the entire network down while we're waiting
> for a vendor to fix it. I'd be surprised if most networks aren't that
> way.
The problem with this, as I'm sure you know (but it bears repeating for
the peanut gallery) is that it turns any DoS on your firewall into an
instant security hole. That escalates the severity of DoS bugs on the
firewall, which greatly increases the need to upgrade it when they're
found, which can increase your downtime.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: Alan Kloster: "[Full-Disclosure] Download.trojan appdl[1].exe"
- In reply to: Schmehl, Paul L: "RE: [Full-Disclosure] Sidewinder G2"
- Next in thread: Michael Gale: "Re: [Full-Disclosure] Sidewinder G2"
- Reply: Michael Gale: "Re: [Full-Disclosure] Sidewinder G2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
