Great Circle Associates Firewalls
(June 1996)
 


Subject: Re: How good is "stateful inspection"?
From: Todd Hooper <todd @ momentum . com . au>
Date: Fri, 28 Jun 1996 18:52:45 +0800
To: Firewalls @ GreatCircle . COM
In-reply-to: <199606271821 . LAA25335 @ miles . greatcircle . com>

"Ronald L. Sharp" <rls @ neptune . att . com> writes:

> It has been discussed on this list by some that you should, IN THEORY,
> be able to do most anything in the kernel using stateful inspection
> that can be done by a proxy application.  While anything is possible "in
> theory" I am more interested in the actual implementation.  For example,
> could anyone explain if and how FW1 can protect an inside network host
> from a "buffer overflow" attack?

Do you mean buffer overflow in the sense of some type of bandwidth
based denial of service, or in the sense of a Unix buffer type
intrusion attempt based on a bug in a network service e.g. the syslog
attack?

If you mean the latter, then I don't understand why an application
running on an inside network host should be in this position in the
first place, since you need to provide defence in depth. Any firewall
design which allows raw traffic thru to an internal machine where
security on that internal machine hasn't been addressed is going to
be an issue. This applies to Firewall-1, BorderWare, fwtk plug gateway
etc etc. I would consider it a design issue, not a product feature.

Regards,

Todd



