Firewalls: Re: Firewall Failure Modes

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Firewall Failure Modes
From:	"Jeff D. Maddox" <jdm @ ssds . com>
Date:	Wed, 26 Apr 1995 16:57:29 -0500 (CDT)
To:	"Dr. Frederick B. Cohen" <fc @ all . net>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<9504251200 . AA22109 @ all . net>

To all in response to Dr Cohen's request for views.

I must agree with both Mr Ranum and Dr. Cohen in the arena of testing. 
Yes Mr Ranum testing cannot EVER confirm that a security system will not
fail. In support of Dr. Cohen's view, however, the very foundation of
scientific inquiry is built on the concept of test until failure, then
modify your hypothesis to take into account the fact that your experiment
(test) failed. In the case of firewall design, your hypothesis is your
design it would be considered a good hypothesis until someone caused it to
fail. It is in your best interest that YOU cause that failure rather than
an individual bent on desruption or destruction. 

Therefore I find that I must agree with Dr. Cohen on this topic.

Jeff Maddox
SSDS, Inc.
Austin, TX

References:

Firewall Failure Modes
From: fc @ all . net (Dr. Frederick B. Cohen)

Indexed By Date	Previous:	BSDI as screening router? From: "LDC - Luis E. Mun~oz" <lem @ usb . ve>
Indexed By Date	Next:	Re: Secure Modem Pool From: Carl Jolley <cjolley @ iac . net>
Indexed By Thread	Previous:	Firewall Failure Modes From: fc @ all . net (Dr. Frederick B. Cohen)
Indexed By Thread	Next:	Re: Firewall Failure Modes From: emwmf @ emw . ericsson . se (Martin Fredriksson)