Firewall Wizards mailing list archives

Re: Proxy 2.0 secure?


From: "Mark Horn [ Net Ops ]" <mhornNOSPAM () funb com>
Date: Thu, 25 Jun 1998 09:52:59 -0400

Gillian Steele says:
Personally, I'm willing to put my faith in those magazines that actually do
real-world testing, to back up their claims, and the claims of Data
Communications about the "soundness" of the NT-based Firewalls, including
MSP 2.0 seem sound enough to me.

NT is a pretty big operating system that is tied to its very big user
interface.  That's a *LOT* of code containing a number of bugs
commensurate with the code's size.  Bellovin's "Fundamental Theorem of
Firewalls" says that's a problem.  The idea is that since all code has
bugs, the best way to reduce bugs (i.e. security holes) in a firewall is
to run the firewall with the least amount of code possible.  It is
exceedingly difficult to do that with NT.

So, from my perspective, it doesn't matter what firewall software is
running on NT.  It will always be more susceptible to bugs than equivalent
software running on a trimmed down unix.  Until you can remove the bloated
GUI from NT, you're stuck with its known and unknown bugs - all of which, on
a firewall, are security holes.

-- 
Mark Horn <mhornNOSPAM () nospam funb com>

PGP Public Key available at: http://www.es.net/hypertext/pgp.html
PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1


