RE: Firewall configuration statistics
From: Des Ward (des.ward_at_ntlworld.com)
Date: 06/10/03
- Previous message: Depp, Dennis M.: "RE: VPN vs changing routes"
- In reply to: Devdas Bhagat: "Re: Firewall configuration statistics"
- Next in thread: security_at_rexwire.com: "RE: Firewall configuration statistics"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Devdas Bhagat'" <devdas@dvb.homelinux.org>, <security-basics@securityfocus.com> Date: Tue, 10 Jun 2003 21:06:58 +0100
Sorry,
My point was that having unhardened servers that are behind a firewall is
not the fault per se of the firewall. ALGs should stop the most common
attacks, but this is no substitute for ensuring that all parts of the
infrastructure are as secure as is possible.
-----Original Message-----
From: Devdas Bhagat [mailto:devdas@dvb.homelinux.org]
Sent: 10 June 2003 03:38
To: security-basics@securityfocus.com
Subject: Re: Firewall configuration statistics
On 07/06/03 00:42 +0100, Des Ward wrote:
<snip>
> Is a firewall misconfigured if someone hacks through the web application
> layer? No, the firewall allows http/https traffic because we need it.
It's
> the domain of the overall security strategy to prevent those attacks which
> no firewall can stop.
Errrr? ALGs could stop some attacks (or if you can do some pattern
matching in the ALG, most of them). And layered security should involve
some level of layer 7 protocol validation.
I don't know about you, but I certainly would include a proxy based
firewall for publicly exposed applications (unless they have been
throughly audited for known bugs, and maybe even then).
Devdas Bhagat
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
- Previous message: Depp, Dennis M.: "RE: VPN vs changing routes"
- In reply to: Devdas Bhagat: "Re: Firewall configuration statistics"
- Next in thread: security_at_rexwire.com: "RE: Firewall configuration statistics"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
