Fir> For all these firewall products being offered by vendors, what proof, if any,
Fir> does the vendor provide to the customer to guarantee that correct bounds
Fir> checking has been done in their source code so the stack cannot
Fir> be mangled by buffer overflows (and hence compromised)?
KM> None of them do this in an independently verifiable way, beyond what NCSA and
KM> the various magazines test for. I would be interested in how much of that is
KM> intensive penetration testing, and how much is simply functionality testing
KM> (i.e., works as documented).
KM> You will probably be safer with one of the few firewalls to run on a platform
KM> that uses some kind of mandatory access control to isolate the firewall from its
KM> executable images and configuration files. This leaves you with two choices:
(deleted interesting, but not so relevant, discussion to my question ...)
Most people do not want to pay for B2 or higher security, because the
average 'Joe User' is not the military buying servers under large
DoD info protect initiatives.
Firewall software should, in my opinion, be checked and certified by the
vendor to not have the possibility of smashing the stack. This is not
expensive and will not add significantly to the product.
However, bounds checking means slower code, so it is highly possible that
faster firewall processors have suboptimal optimizations that make them
good performers and less secure internally.
(let's avoid a discussion of multi-level security... thanks! Few can
really afford it!)
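The bounds-checking point above, as an added illustration that is not part of the thread and not code from any firewall vendor: a hypothetical rule-name field copied from untrusted input into a fixed-size stack buffer, first in the unchecked form that can smash the stack, then in a checked form that refuses input that does not fit. The names `rule_name_copy_unsafe`, `rule_name_copy_checked` and `RULE_NAME_MAX` are invented for the example. The check itself is one length comparison before any byte is written.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field, e.g. a rule name parsed from a config
 * line or a management-port request. Name and size are assumptions. */
#define RULE_NAME_MAX 16

/* Unsafe form, kept only for contrast: strcpy() into a fixed stack buffer
 * with no length check. If `src` is longer than RULE_NAME_MAX-1 bytes the
 * copy runs past `name` into whatever sits above it on the stack, which on
 * most ABIs includes the saved frame pointer and return address. Never call
 * this with untrusted data; main() below only feeds it a short constant. */
int rule_name_copy_unsafe(const char *src)
{
    char name[RULE_NAME_MAX];
    strcpy(name, src);              /* no bounds check: overflow on long input */
    return (int)strlen(name);
}

/* Checked form: the caller passes the destination size, the input length is
 * measured without reading past dstlen bytes, and over-long input is
 * rejected rather than silently truncated (truncation can itself change a
 * rule's meaning, e.g. "deny-all-external" becoming "deny-all").
 * Returns the number of bytes copied, or -1 if the input does not fit. */
int rule_name_copy_checked(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0;
    while (n < dstlen && src[n] != '\0')    /* bounded scan, no overread */
        n++;
    if (dstlen == 0 || n >= dstlen)         /* no room for the terminating NUL */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[RULE_NAME_MAX];
    /* Constructed sample inputs: one that fits, one that is exactly one
     * byte too long for a 16-byte buffer. */
    const char *ok   = "allow-dns";
    const char *long_name = "1234567890123456";

    printf("checked(\"%s\") -> %d\n", ok, rule_name_copy_checked(buf, sizeof buf, ok));
    printf("checked(16 bytes) -> %d (rejected)\n",
           rule_name_copy_checked(buf, sizeof buf, long_name));
    printf("unsafe(\"%s\") -> %d\n", ok, rule_name_copy_unsafe(ok));
    return 0;
}
```

A vendor "certifying" against stack smashing in the sense discussed above amounts to showing that every copy into a fixed buffer goes through the checked path (or a length-carrying string type), which is a source audit plus tests on over-long inputs, not a performance-heavy change.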