| "In our tests, we were unable to complete testing on two products-the
| Borderware Firewall Server from Border Network Technologies Inc. (Toronto)
| and Connect: Firewall from Sterling Software Inc. (Irving, Texas)-because
| both required changes to our test application that we couldn't make."
I would like to point out that what the testers were complaining about
is that the Borderware Firewall (I'm not sure about the Connect: Firewall)
would not allow pass-through ftp from the outside. The 3.0.1 version
of the firewall requires cyrptocard authentication (or what we call
Secure FTP). The testers couldn't modify their automated test suite to do
the challenge response required.
Imagine potential hackers who have automated test suites to test the security
of systems (they won't be that interested in performance). They will be
able to test a lot more stuff when a pass-through ftp is present then
when a challenge response type ftp is present. From a security stand point,
this restriction is good not bad.
That said, we have realized that people want flexibility (in some cases
above security). Thus, we have already added the capability to allow
transparent ftp from the external network to the internal network in version
3.1 of the Borderware Firewall. Of course, we strongly discourage the use
of this proxy.
Gene Amdur
Sr. Systems Developer
Border Network Technologies
|
|
