Firewalls: Re: Cisco's PIX Firewall

Firewalls
(December 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Cisco's PIX Firewall
From:	jeromie @ garrison . com@scet.org.uk (jeromie @ garrison . com)
Organization:	SCET
Date:	Fri, 6 Dec 96 11:00:23 -0000
To:	firewalls @ greatcircle . com

> On Thu, 5 Dec 1996, Jeromie Jackson wrote:
> 
> > > 
> > 	Food for thought for people like Cisco/FW1... If you were to just make
> > a Mail Transport Agent for the hub, and provide it along with the product,

> > people like me could not bitch, and you could say you covered the bases. 
I did
> > note in one of the earlier posts from Cisco that they are indeed working
on it.
> > 
> 
> 	Creating an MTA does not solve the issue. Who is to say that a
> vendor authored MTA is any more secure than Berkeley Sendmail? At least
> with Berkeley Sendmail you have the source to review if you so choose. I
> submit that this is a luxury you would not have with a vendor supplied
> MTA. People tend to attack Sendmail because it's high profile as far as
> security errors go. However, DNS and HTTP are just as, if not more serious
> areas of concern. I think the real solution is to have these services made
> available with full source code. This being said, I think there are plenty
> of free software packages available to meet these needs. This software
> simply needs to be reviewed on a regular basis.
> 

	Yes, you are right, I should not assume that the vendor of a security
product would do any type of assurance testing that would superseed that of
the current MTA products.  In a decent security world, one might be able to
assume something of the sort, but..... I would have to agree with you.

	In reguards to your opinion of the code being more secure because of the
widely publicized source code, I would definitely have to DISAGREE with you.  
Just because the code is made public does not make it more secure whatsoever.
Now if you would have said that the code be made public so that a formal 
testing methodology be implemented upon it, I would have agreed.  Releasing
the
code to the public may give random people a chance of finding a security
problem
I would agree.  However, providing code to the public does not provide
assurance


Jeromie Jackson
Garrison Technologies
jeromie @
 garrison .
 com




--

     _/_/_/  _/_/_/  _/_/_/  _/_/_/  | Tel: (0141) 337 5000  
    _/      _/      _/        _/     | Fax: (0141) 337 5050  
   _/_/_/  _/      _/_/      _/      | Net: scet @
 scet .
 org .
 uk 
      _/  _/      _/        _/       | AppleLink: SCET.DEV   
 _/_/_/  _/_/_/  _/_/_/    _/        | WWW: http://www.scet.org.uk
......learning through technology   |

Indexed By Date	Previous:	Re: Serially connected firewalls and FTP From: Jim . Egan @ iai . com@scet.org.uk (Jim . Egan @ iai . com)
Indexed By Date	Next:	[no subject] From: toon @ cem-bb . e-mail . com
Indexed By Thread	Previous:	Re: Cisco's PIX Firewall From: jeromie @ garrison . com (Jeromie Jackson)
Indexed By Thread	Next:	Re: Cisco's PIX Firewall From: jeromie @ garrison . com@scet . org . uk @ scet . org . uk (jeromie @ garrison . com@scet.org.uk)