IDS mailing list archives
RE: RE : ICSA certified - better?
From: "Monkman, Brian" <bmonkman () icsalabs com>
Date: Fri, 6 Aug 2004 11:01:10 -0400
First off, I would like to thank the moderator of focus-ids for allowing this discussion to happen here. I am cross posting this to Firewall Wizards. Let's continue discussion there.

Criticism based on facts I am more than happy to discuss. I'm going to assume you haven't yet completed reading of the criteria as I suggested in my previous post.

I won't even try to suggest that vendors do not look at ICSA Labs certification as a "marketing thing". After all - is marketing not, in part, figuring out what your target customers want and ensuring that they get it? It would be insulting to those on the list if I was to seriously suggest that marketing *needs* are not a part of what brings vendors to submit products to ICSA Labs for certification testing. That said, I think you are doing everyone here a disservice by suggesting that for some reason it is a bad thing.

Let's look at some facts:

1. Every product that has been submitted to ICSA Labs for certification testing against version 4.0 of the criteria has had issues come up during the first pass of testing. You heard me right - EVERY product.

2. A number of products have had significant issues such as - inability to stand up to simple trivial DoS attacks, susceptibility to FTP bounce attacks, passing of malformed or fragmented packets in violation of the implemented security policy, and the list goes on. Some of these products come from vendors that are well known in the industry.

3. A large number of corporations, agencies and governmental and non-governmental organisations require ICSA Labs certification *BEFORE* they will even consider a product.

4. A week rarely goes by here at ICSA Labs where we do not host a visit from one of the groups listed in the point above. Visits that are undertaken so that group can learn more about who ICSA Labs is, what we do and how we do it.

5. Every product that has been granted ICSA Labs Firewall Certification must remain here at ICSA Labs for subsequent testing. That subsequent testing takes on two forms. First, products are re-tested on a periodic basis to ensure the current shipping version of the product still adheres to the current certification criteria requirements. Second, as exploits, vulnerabilities or product issues become known and if they intersect with a criteria requirement, that product will be subjected to a spot check. If this testing uncovers a criteria violation then the vendor will be REQUIRED to address the issue within a timeframe specified by ICSA Labs. If this does not happen then the vendor is at risk of having the product become de-certified. There have been a number of products that have been de-certified for this reason.

I could go on for a while more but this is supposed to be a list for the discussion of IDS issues. This discussion would probably be more appropriate in a forum devoted to firewall issues and discussions, like Firewall Wizards for example.

If you are interested in facts and want to learn more about what we do please feel free to contact me directly. Alternatively, there is plenty of information on our website. A whitepaper discussion of ICSA Labs Firewall certification testing and testing results can be found at:

http://www.icsalabs.com/html/communities/firewalls/fwwhitepaper.pdf

Additionally, every certified product has a publicly posted lab report that outlines the tests executed, issues found and what it took to address them. You can get to these lab reports from the certified products page found at:

http://www.icsalabs.com/html/communities/firewalls/newsite/cert2.shtml

Best regards,

Brian

-----Original Message-----
From: ph03n1x [mailto:ph03n1x () gmx net]
Sent: Thursday, August 05, 2004 5:58 PM
To: Monkman, Brian
Cc: focus-ids () securityfocus com
Subject: Re: RE : ICSA certified - better?

Brian,

I don't want to criticize your work or whatever. But the point is ICSA certification is a nice thing to have but it doesn't grant too much. It's more a marketing thing. I have seen firewalls with ICSA which lack imho important features in practical use. So it basically says not too much about quality; it just grants that some features are implemented in some way which is written in a nice paper.

For the customer this certificate doesn't say much; it's more an interesting marketing thing for the selling company ;)

my 2 bits

Monkman, Brian wrote:
Julius,

Your information is a bit inaccurate. ICSA Labs has *never* certified only the GUI portion of the product. If you are interested in seeing what we actually do, our criteria is available to all at:

http://www.icsalabs.com/html/communities/firewalls/certification/criteria/criteria_4.0.shtml

You will notice that our testing is a bit more encompassing than GUI testing. :-)

Best regards,

Brian

----
Brian Monkman
Technology Programs Manager, ICSA Labs
1000 Bent Creek Blvd., Suite 200
Mechanicsburg PA 17050
Phone:717.790.8141
Fax:717.790.8170
E-mail: bmonkman () icsalabs com
AIM: bmonkman03
Web: www.icsalabs.com
PGP Key ID: 0x7E54D5CD

"The sole purpose of human existence is to kindle a light of meaning in the darkness of mere being." - Carl Jung

-----Original Message-----
From: Julius Detritus [mailto:julius.detritus () ifrance com]
Sent: Wednesday, August 04, 2004 1:43 AM
To: focus-ids () securityfocus com
Subject: RE : ICSA certified - better?

So basically you can certify the Firewall part of your product but the rest is not certified.... And sometimes the only certified part of your product is the GUI
Current thread:
- RE: RE : ICSA certified - better? Monkman, Brian (Aug 05)
- RE : RE : ICSA certified - better? Julius Detritus (Aug 06)
- <Possible follow-ups>
- RE: RE : ICSA certified - better? Monkman, Brian (Aug 06)