Firewall Wizards mailing list archives
Re: Q on external router
From: tqbf () secnet com
Date: Sat, 25 Apr 1998 03:25:44 -0500 (CDT)
We hear about sendmail's lack of reliability but I am not aware of any security problems since version 8.8.5, that's 4 releases ago. If you're going to discount software because it had bugs in a previous release then you'd have to pass on 99% of the firewall technology available today.
This logic was employed at Sendmail version 8.7.5, which, if you'll recall, withstood public scrutiny for quite some time (longer, I think, than the 4 releases we've seen --- you can verify this pretty easily). Following 8.7.5 was an onslaught of security bugs, including blatantly obvious issues (like the SIGHUP handler that actually executed argv[0]).

The odds are that we will find more Sendmail bugs, not because Sendmail is software written by a human being, but because Sendmail has a poor design (from a security perspective) which makes the possibility and scope of new security holes large.

I realize that we've found bugs in firewall products. Bugs have been found in virtually everything. The question is not whether it's *possible* that we will find an exploitable problem in a given computing component, but whether it is *likely* that we will. From this, we can gauge whether the rewards of deploying something outweigh the risks.

I submit that it is likely that we will find bugs in switches, because switches are performance-enhancing devices that are not (AFAIK) designed with security as a priority. I submit it is unlikely that we will find a bug (easily) in any given application gateway firewall.

-----------------------------------------------------------------------------
Thomas H. Ptacek Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf "If you're so special, why aren't you dead?"