Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: Firewall failure modes (was Re: performance)
From: Rick Smith <smith @ sctc . com>
Date: Thu, 27 Apr 1995 17:42:38 -0500 (CDT)
To: "Dr. Frederick B. Cohen" <fc @ all . net>
Cc: smith @ sctc . com, firewalls @ greatcircle . com
In-reply-to: <9504272134 . AA18823 @ all . net> from "Dr. Frederick B. Cohen" at Apr 27, 95 05:34:45 pm

Fred Cohen asks about the difference between SNS and Sidewinder...

First, they are completely independent and separate developments.  A
bug in one doesn't necessarily imply a bug in the other. The
specification documents are completely different.

Second, there are a bucketful of government contractual issues that
keep us from using the same testing on both systems. You risk a jail
cell if you use stuff developed under government contract without
their approval.

Third, lots of the "security testing" is in fact tests of internal
interface specifications. The two systems are miles apart at that
level. For instance, they have somewhat different sets of type
enforcement permissions, so the type enforcement testing is completely
different.

Mundane tests of external behavior like SATAN are run against both.
We built some of our own, too, of course.

Rick.
smith @ sctc . com     roseville, minnesota

