At 01:22 PM 10/4/96 -0400, "K.M. Goertzel" <goertzek @ wangfed . com> allegedly wrote:
>Now, can someone explain to me why Sidewinder doesn't appear on the NCSA's list
>of "blessed" firewalls - at least it doesn't according to the press release I
>received?

I could venture a guess - they don't feel there is any added value in
being added to NCSA's list and I would agree with their choice. A
cursory examination of the firewalls which made it into the list would
tend to support my conclusion. Many (can we spell most) of the firewalls
mentioned in their list are susceptible to a couple of types of attacks.
Also, of all of the firewalls on their list, there are only one or two that
I would consider for recommending to a client.

This brings me to another subject. Several companies have been getting
into the business of "certifying" firewalls and from what I have seen so
far, I'm rather underwhelmed at the results. Some companies will run the
satan/santa or other product against a firewall and then "certify" it -
if the firewall passes the test. IMHO, the free satan/santa tool is vastly
over-rated and will (at best) tell you if the sysadmin has made a feeble
attempt in keeping up with the CERT advisories and has been trying to
keep the patches current. This is a far cry from the ability to protect
the corporation's networks from an attack by a determined hacker over the
Internet.

While I am not really wild about firewall certifications, nor am I thrilled
about the apparent conflict-of-interest issues surrounding the certifications,
my main gripe is with the methodologies used to approve the firewalls.
Personally, I would recommend that they re-examine the methodologies and
come up with better tests.

FWIW, Marcus Ranum wrote a good article about "firewall certifications".
Last time I checked, it could be found on V-ONE's home page.

>K.M. Goertzel * Manager, Business Development
>Secure Systems & Services Operation * WANG FEDERAL, Inc.
>tel (703)827 3914 * fax (703)827 3161 * email goertzek @ wangfed . com
>
>"An elephant: a mouse built to government specifications"
> - Robert Heinlein

Best Regards,
Frank
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
<standard disclaimer>
The opinions expressed above are of the author and may not
necessarily be representative of Fortified Networks Inc.
Fortified Networks Inc. - Information Security Consulting
http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817
Home of the Free Internet Firewall Evaluation Checklist