Re: ics and firewall
From: NeoSadist (neos@dist)
- Next message: NeoSadist: "Re: NAT vs Firewall"
- Previous message: NeoSadist: "Re: ics and firewall"
- In reply to: B. Switzer: "Re: ics and firewall"
- Next in thread: NeoSadist: "Re: ics and firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "NeoSadist" <neos@dist> Date: Tue, 11 Feb 2003 13:21:48 -0700
"B. Switzer" <firstname.lastname@example.org> wrote in message
> "Mike" <email@example.com> wrote in message
> > >> How can a SPI firewall device with no external open ports be hacked?
> > >Here's two:
> > >1. Software Bugs
> > >2. Trojan Horses / Virii.
> > 1. Do you know of any past/recent bugs that caused an SPI firewall
> > device to be compromised? I'd like to know more about it.
> > 2. What if different systems and methods are in place that block/nuke
> > these things at multiple points locally (and remotely)?
> > Mike
> I don't have stats. or references for you, I haven't been looking or
> tracking. But, any time there's a bios / firmware / software or other
> update, it's usually not just for bug fixing but for security bug fixing
Yes, obviously it can't just be for one thing, and there are new threats
every day, etc yada yada yada....
> 2. goes back to what many have said here, security is more than just
> firewall. If we just consider security, then I think saying that something
> like ZoneAlarm to block outgoing as well is necessary, isn't unreasonable.
> The trick is to make the redundancies contributory, not redundant. i.e. A
> second firewall just checks things twice pointlessly, but only permitting
> certain things out is not something that a hardware firewall checks.
> Not everyone is computer savvy, that's why such products exist. Nor should
> they have to be. Inevitably someone will inadvertently get something that
> phones home. Call it Trojan, spyware, or adware, or whatever, even
> reasonable people will do it inadvertently. Thus the need for firewall,
> security, virus software, and everything else.
> It's a nasty world out there, something I don't think is going to change
> time soon.