Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: Java Firewall
From: C Matthew Curtin <cmcurtin @ research . megasoft . com>
Date: Mon, 9 Sep 1996 22:56:31 -0400
To: Shmulik Suhami <suhami @ mail . finjan . com>
Cc: firewalls @ GreatCircle . COM, shlomo @ mail . finjan . com
In-reply-to: <323410FB . 344E @ finjan . com>
References: <323410FB . 344E @ finjan . com>
Reply-to: cmcurtin @ research . megasoft . com

>>>>> "Shmulik" == Shmulik Suhami <suhami @ mail . finjan . com> writes:

Shmulik> Does anyone know of a Java enabled firewall?  Is there a need
Shmulik> for such a feature?  Are there any products available?  --

What problem are you trying to solve that requires a "Java enabled"
firewall?

What exactly is a "Java enabled" firewall?

On the issue of Java on firewalls, or Java in secure environments...

Java is very new stuff. It's been brewing (pun intended :-) in the
labs a long time, but it's still new. Security model has to be
scrutinized, and we (security geeks) need to bang on the
implementation to see how well it enforces the model.

Generally speaking, it's a bad idea to use any New Stuff where
security is a big concern. The reason is practical: without knowing
what bugs are there, it's difficult to assess what sorts of risks
you're exposing yourself to.

Now, if you're talking about firewall-type *applications* that are
written in Java, you're dealing with another religious issue
altogether: Should any compilers or interpreters live on your bastion
host? There isn't anything less secure about using an application
that's written in Java vs. one written in C. In fact, given that the
likelihood of errors in memory allocation, use of pointers, etc., is
between nil and very small, just the opposite might be argued.

But Java is *very* slow by comparison to C. And you need to have a
bytecode interpreter on your bastion host, or a Java development
environment that lets you generate machine-native object code.

In any case, what is it that you're trying to gain with this?

-- 
C Matthew Curtin                MEGASOFT, INC                Chief Scientist
I speak only for myself.  Don't whine to anyone but me about anything I say.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
cmcurtin @ research . megasoft . com http://research.megasoft.com/people/cmcurtin/

