Firewalls: Re: Remote dynamic rules updating

Firewalls
(April 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Remote dynamic rules updating
From:	Dave Roberts <djr @ saa-cons . co . uk>
Date:	Tue, 23 Apr 1996 09:41:23 +0100 (BST)
To:	sameer @ wiproge . med . ge . com
Cc:	Firewalls @ greatcircle . com
In-reply-to:	<9604221557 . AA09701 @ wiproge . med . ge . com>

On Mon, 22 Apr 1996 sameer @
 wiproge .
 med .
 ge .
 com wrote:

> 	I feel that in this kind of scenario, you will be more vulnerable to attacks and
> your security could be compromised.

Sorry, I don't see it.  Sure, because it's dynamic it's susceptible to 
error, which can open up a hole accidently.  But if the update 
information comes down a serial line, and both boxes are sat next to each 
other in a locked room, where's the extra attack vunerability?  If you 
see any, please let me know.

BTW, thanks to those that pointed out that MorningStar offer such a 
beasty, I'll be passing the information on.

--
Dave Roberts, Unix Systems Administrator, SAA Consultants Ltd, Plymouth, UK.
"smap has the advantage [over bare sendmail] that it was written by somone
who is almost certifiably paranoid" - Brent Chapman, London, 19 Oct 95.
  -=[ For PGP 2.6.3i public key, send mail with subject of "get pgp" ]=-

References:

Re: Remote dynamic rules updating
From: sameer @ wiproge . med . ge . com

Indexed By Date	Previous:	Re: Stopping Fakemail (smtpd-port25) From: finken @ conware . de (Michael Finken)
Indexed By Date	Next:	Re: PC based sniffer From: Tim Saltmarsh <imsecure @ ix . netcom . com>
Indexed By Thread	Previous:	Re: Remote dynamic rules updating From: sameer @ wiproge . med . ge . com
Indexed By Thread	Next:	Re: Remote dynamic rules updating From: Adam Safier <asafier @ csc . com>