Firewalls: Re: Hey the crackers have a new twist 8-(.

Firewalls
(March 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Hey the crackers have a new twist 8-(.
From:	"marcus (m.d.) leech" <mleech @ bnr . ca>
Organization:	Bell-Northern Research, Information Technology Division
Date:	Mon, 28 Mar 1994 09:29:45 -0500
To:	firewalls @ greatcircle . com
Mailer:	Elm [revision: 70.85]
X400-content-type:	P2-1984 (2)
X400-mts-identifier:	[/PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/;bcars520.b.134:28.02.94.14.29.47]
X400-originator:	/dd.id=1638487/g=marcus/i=md/s=leech/@bnr.ca
X400-received:	by mta bnr.ca in /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Mon, 28 Mar 1994 09:30:27 -0500
X400-received:	by /PRMD=BNR/ADMD=TELECOM.CANADA/C=CA/; Relayed; Mon, 28 Mar 1994 09:29:47 -0500
X400-received:	by /PRMD=bnr/ADMD=telecom.canada/C=ca/; Relayed; Mon, 28 Mar 1994 09:29:46 -0500
X400-received:	by /PRMD=bnr/ADMD=telecom.canada/C=ca/; Relayed; Mon, 28 Mar 1994 09:29:45 -0500

It seems to me that the problem IS NOT with the firewall, but rather with
  an application hole (in sendmail) that allows you to drop a program on
  an internal system in the first place.

Authentication schemes on the firewall are virtually useless if your access
  policy allows essentially unfettered inbound access to certain services
  that are inherently untrustable (i.e. sendmail).

If you allow inbound access AT ALL it had better be for servers whose
  "index of trustability" is awfully high.

--
Marcus Leech        |Any opinions expressed are mine.         |+1 613 763 9145
VE3MDL              | and not those of my employer            |+1 613 567 5484
mleech @
 bnr .
 ca       |                                         |

Indexed By Date	Previous:	White Paper on Firewall Routers From: Terry Yackel <yacketl @ mnbp . network . com>
Indexed By Date	Next:	Re: ...hackers new twist From: "Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787 3792)" <NITTMANN @ UWLAX . EDU>
Indexed By Thread	Previous:	Re: Hey the crackers have a new twist 8-(. From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Indexed By Thread	Next:	Re: Hey the crackers have a new twist 8-(. From: Marcus J Ranum <mjr @ tis . com>