Eirik Seim
Guest
Posted: Thu Jan 20, 2005 10:27 pm
Post subject: Re: What does a firewall do?

On Thu, 20 Jan 2005 08:47:03 -0500, Arthur Hagen wrote:
> Leythos <void@nowhere.lan> wrote:
>> In article <slrncuv979.de.eirik@kain.mi.uib.no>, eirik@mi.uib.no
>> says...
>>> But as I said, if the attacker does something completely
>>> unexpected (perhaps even unthinkable), the firewall could miss it.
>> Imagine the firewall like a machine - if you tell it to only allow X
>> services/ports, then it won't allow anything else - unexpected or not,
>> without an explicit rule allowing a service/port it just won't work.
> I don't think you understand "unexpected". All the above does is work
> with the *expected*. The unexpected is what the designers did NOT think of,
> even as a remote possibility.
> Something unexpected could be like a high amount of RGMP packets of an odd
> size, undocumented flag combinations and the target router appearing as the
> group requestor.

And of course, the flaw exploited could be a result of several
devices or services each acting completely normal and apparently
secure, enabling an attacker to put the systems in a weird state
that might allow for one in a million packets handling some
important function to fail in a predictable manner...

This is the very nature of security, the good guys have to do all
they can possibly think of to protect themselves, while the bad
guys can focus all their attention in one specific area. It's
really not fair, but that's the way it is.
--
New and exciting signature!
Wolfgang Ewert
Guest
Nick Roberts
Guest
Posted: Sat Jan 22, 2005 2:48 am
Post subject: Re: What does a firewall do?

Wolfgang Ewert <w.ewert2002@gmx.de> wrote:

I don't want to stray too far off topic here, but you (Juergen and Wolfgang)
have missed the original point. "Even Windows can be turned into such an OS"
referred to turning Windows into a secure OS. This is terrifically different
to mere security of IP services.

As I understand it, Windows 95/88/ME had essentially no security features at
all (that worked). Early Windows NT offered some effective security
features, but not in a very coherent, complete, or readily usable form.
Windows XP and its successors install by default with a fair degree of
security features already configured and operational, and have a few
features that make it easier for the user to actually take advantage of the
security mechanisms available.

AdaOS, however, will offer a much more advanced set of security features,
all enabled and well configured by default, designed to make it easy for the
user to protect herself to a high degree from viruses or other threats.

To put it another way, I was not talking about stopping the hacker from
getting in, but rather I was talking about what the OS does to stop the
hacker from doing harm (or to limit the harm) having got in.

But thanks for taking the trouble to provide links for me!
--
Nick Roberts