...
> > So, if a firewall that only protects you against outsiders works perfectly,
> > you might reduce your risk by 10%. Won't you feel nice and warm and fuzzy!?
>
> yes, i feel :-)
> if the firewall is properly configured, even insiders can't break the
> firewall's security.
I think perhaps my point wasn't made clearly. The firewall can only be as
good as the OS on which it exists. If your firewall is an application
on top of an OS, I can break the firewall by breaking the OS.
>
> >
> > Another problem with firewalls being an application is that the firewall
> > then does not really provide much protection for WWW sites. Since you
> > can't trust the WWW software to run on the firewall (because you can't
> > trust the OS), you must either put the WWW server inside of or outside of
> > the firewall. If it is outside, then there is no protection for the WWW
> > server (and I am certain that we all know of the home pages that have been
> > altered by hackers). If the WWW server is on the inside, then you must
> > open a hole for anonymous users in the firewall, thus greatly reducing or
> > eliminating any security it might have afforded you.
>
> how could a firewall protect a WWW server? impossible!
> the only 'secure' solution is to place it outside and insure this host as
> good as possible.
Well, "impossible" is a very big word to use! Especially, since this is
exactly what we have. If your assumption is that the firewall is an
application, then I do agree with you. That is why the functions of a
firewall need to be a base component of a high assurance OS (so you know
that they work). Then you run the WWW server on that OS, and you (apparently)
have the impossible. :-)
>
> >
> > Bottom line is that the firewall is COMPLETELY dependent upon the security
> > provided by the OS for its own security - The firewall can be no more
> > secure. If I can break into the OS, the firewall is mine to mangle. More
> > on thsi below.
> >
> > [snip]
> >
> > Jon F. Spencer spencerj @
rtp .
dg .
com (uunet!rtp.dg.com!spencerj)
> > Data General Corp. Phone : (919)248-6246
> > 62 T.W. Alexander Dr, MS #119 FAX : (919)248-6108
> > Research Triangle Park, NC 27709 Office RTP 121/9
> >
> on a typical firewall, there only runs:
> -the kernel, i never heard of any breakin with the help of a kernel bug
> -a few harmless services such as inetd
> -the firewall software, often known, sometimes proven to be good
> i trust this stuff, but not the configuration of the firewall, even not mine.
> if you want a better security as such one, it's surely *not* your OS, it's
> simply not to connect at all.
> i don't know if your OS is more or less secure as mine. but, IMHO, it doesn't
> matter. human failure, that's the point you have to take care.
>
> rolf
It does matter. And so does limiting the effects of human failure, which will
always be present. When you make a human SUPER user, you have amplified
that users mistakes. So here is one path to travel to limit human mistakes.
But this is not the place for a tutorial on how to deal with the REAL risks
of a computing environment. Suffice it to say that if you don't deal with
them, your firewall won't work, your home page will be violated, and
termites will eat your mouse pad.
That is why I reassert that if your base OS (including the admin environment)
is not high assurance and does not deal with the real threats, your
firewall is not very good.
Jon
Follow-Ups:
|
|
