Subject: Firewalls review in Data Comms
From: jalsop @ seachange . com (John Alsop)
Date: Fri, 24 Nov 1995 10:30:18 -0500
To: firewalls @ GreatCircle . COM

My .02 on the Data Comms article:

"We decided to focus our evaluation on performance rather than security..."
- Bad decision. Evaluating a firewall primarily on its performance throughput
is like evaluating a bank vault based on how wide the doorway is.

"Our take on security is that it's inherently untestable"
- complete nonsense

"With attackers coming up with new tricks all the time, there's no way to
prove that a firewall can withstand all forms of assault"
- this is a true statement, but doesn't mean that all the existing "tricks"
can't be tested

"Another problem with packet filters is that they can't monitor link-state
information, which means they can have trouble with connectionless
datagram-based protocols like NFS (Network File System) ..."
- no-one in their right mind should be allowing NFS access from the
Internet to their internal network

Bottom line: a very misleading article from an otherwise pretty-good
publication.

--
John Alsop
Sea Change Corporation
6695 Millcreek Drive, Unit 1
Mississauga, Ontario, Canada L5N 5R8
Tel: 905-542-9484 Fax: 905-542-9479
Internet: jalsop @ seachange . com