I'll say this is a FW issue. You wouldn't believe the low quality of
some of the FW code I've run under GDB.
Also, things protected by a packet filter or plugboard need to protect
themselves against application layer attacks.
I have a set of guidelines for code reviewers; you can probably use
them as a good baseline. See www.homeport.org/~adam/review.html
Adam
Sacherich, Larry wrote:
| Excuse me for breaking away from firewall issues for a moment, but
| since most of us are interested in Internet security, I was hoping for
| some good feedback. Please contact me directly, as I do not want to
| abuse this forum.
|
| Our programming staffs have asked me for standards or guidelines for
| creating applications exposed to the Internet. These programs may
| access information through a firewall. Realizing, of course, that poorly
| written applications may even allow a cracker to eventually gain
| access through the firewall to other systems or databases.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume