Firewall Wizards mailing list archives
Re: How automate firewall tests
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Tue, 22 Aug 2006 17:04:43 -0400
Patrick M. Hausen wrote:
You can. You can code an HTTP server that does nothing but serve static documents in (my guess) less than 1000 lines of C and you can prove a program of this size to be correct.
My first web site was implemented entirely using /etc/inetd.conf using /bin/dd if=/www/document.html and tying the whole thing together mapping one URL to a port. Obviously, that approach is limited. :)

I don't think correctness proofs are necessary or maybe even possible. What I'm interested in seeing are "arguments from sound engineering." Take the example above; I can probably assert:

Given that dd is configured to only send data out the pipe, we cannot be penetrated across the data channel.

That's really nice! Look ma, no buffer overruns! There are still potential resource starvation attacks, TCP-level traffic jamming games, etc, etc. But by accepting absolutely no data from the remote system, we've taken whole classes of problems off the table.

The "take whole classes of problems off the table" approach is what engineers consider elegance of design. It's that kind of elegance that is mostly lacking in how we do operating systems and security system design, today.

mjr.
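An added example, not part of the original post and not the poster's code: the send-only design described above, sketched in Python sockets rather than inetd and dd. The port numbers, documents, timeout and function names are constructed for illustration.

```python
import selectors
import socket

# Constructed sample mapping: one TCP port per document, as in the post.
DOCUMENTS = {8001: b"<html>index</html>\n", 8002: b"<html>about</html>\n"}
SEND_TIMEOUT = 5.0  # seconds; bounds how long a stalled reader can hold the server


def send_only(conn, document):
    """Write document to conn and close it; return the number of bytes sent.

    No recv() call exists anywhere in this program, so bytes from the peer
    never reach application code and there is no input parser to overrun.
    """
    try:
        conn.settimeout(SEND_TIMEOUT)
        try:
            conn.shutdown(socket.SHUT_RD)  # tell the kernel we will never read
        except OSError:
            pass  # not fatal: the guarantee comes from never calling recv()
        conn.sendall(document)
        return len(document)
    except OSError:  # includes timeouts: the peer stalled or went away
        return 0
    finally:
        conn.close()


def listen_all(documents, host="127.0.0.1"):
    """Bind one listening socket per port; each selector key carries its document."""
    sel = selectors.DefaultSelector()
    for port, doc in documents.items():
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        sel.register(srv, selectors.EVENT_READ, data=doc)
    return sel


def serve_forever(sel):
    """Accept on whichever port is ready and answer with that port's document."""
    while True:
        for key, _ in sel.select():
            conn, _addr = key.fileobj.accept()
            send_only(conn, key.data)


if __name__ == "__main__":
    serve_forever(listen_all(DOCUMENTS))
```

The send timeout addresses only one of the resource starvation cases the post mentions. On a real TCP connection, a client that sends data before reading may see a reset when the socket is closed with that input unread; the sketch does not handle this.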