I will go slightly further here, and say that I am disappointed with
firewall vendors in general, in terms of where they seem to be going.
The thrust seems to be toward fancier plugboards that scan for things we
know or suspect are problems. Basically run grep on the stream or something.
This is closing the barn door in hopes of keeping the dimmer horses inside.
The other thing they do is try to contain damage with chrooted environments
and various derivations thereof.
What would actually be USEFUL would be application gateways that
parse the stream completely, and do no-write-down, no-read-up checking (err,
or whatever the right directions are) for reasonable definitions of Up and
Down. A good firewall would run two or more separately developed engines in
parallel, and use tell-me-N-times to be sure. A relatively simple way to do
it would be to use a Unix personality on top of Mach or QNX, and run the app
in that captive environment, and watch what it does to the input data, faking
up environment as needed. This has tremendous sex appeal, I think, but your
time-to-market is longer. You actually have to do something to support
a new protocol, instead of merrily plugboarding it through and yelling
'Hell yeah! We support GrookLink!'
What this lets you do is, instead of grubbing through the stream
and guessing whether it's icky, and trying to contain any detonations, is
simulate what the data is actually going to do when the real app gets it,
and see if it's going to do anything bad. This handles Java elegantly,
as well as the favorite sendmail-o-the-month bugs. Note that you cannot
handle Java with anything less, really, it's Turing Mumble Mumble Thingy
Complete.
Alas, the thrust seems to be toward spiffier marketing.
Andrew
Follow-Ups:
|
|
