home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!darwin.sura.net!mips!pacbell.com!att!att!ulysses!ulysses.att.com!smb
- From: smb@ulysses.att.com (Steven Bellovin)
- Newsgroups: comp.protocols.tcp-ip
- Subject: Re: Firewall usage
- Message-ID: <17013@ulysses.att.com>
- Date: 28 Jul 92 19:13:56 GMT
- References: <Bs3vCz.K13@cs.columbia.edu>
- Sender: netnews@ulysses.att.com
- Lines: 43
-
- In article <Bs3vCz.K13@cs.columbia.edu>, ji@cs.columbia.edu (John Ioannidis) writes:
- [lots of reasons why firewalls are a bandaid, and how we should fix the
- real problem, including getting vendors to ship secure systems]
-
- John is, of course, absolutely right (except where he called firewall
- users ``communist'', which may or may not be true (the Internet reaches
- lots of places these days...), but is irrelevant and seemed to be
- intended as an insult). Vendors should ship secure systems, internal
- security measures are necessary in any event, and users and system
- administrators should do a better job. I strongly suspect that every
- firewall developer is fighting all of those battles, and many more. I
- certainly do -- when I worry about TCP/IP security, for example, it's
- because AT&T uses it internally, and wants to secure its internal
- networks and products.
-
- The problem with John's conclusions are that I have to live in the real
- world, which includes people who *must* run old versions of various
- operating systems, users who don't pick good passwords, and
- administrators who are careless. I can't do anything about any of
- those things, except to exhort people to do better. In the mean time,
- I try to keep the dragons away from their doors, while hoping for a
- better world tomorrow.
-
-
- --Steve Bellovin
-
- P.S. It occurs to me that John is also wrong when he says that firewalls
- only defend against known problems. That's precisely wrong. Fixing holes
- only works until some chracker finds a new hole. A good firewall keeps out
- anything but a very few services. The network behind the firewall can
- be attacked, but only through bugs in either those few services or in
- the firewall itself.
-
- While host security can -- and should -- be improved, I'm quite dubious
- that it can ever be made good enough. Never mind bad administration --
- I don't think the state of the art of software engineering is up to the
- task. I take it as axiomatic that all large programs have bugs, and
- that therefore security servers will have security bugs. Yes, good design
- can minimze the odds and/or the impact -- but I doubt that the holes
- can ever be eliminated completely. Looking at it another way, firewalls
- are precisely an example of good software engineering practice -- they're
- (presumably) small, simple pieces of code, and hence are much less likely
- to have bugs.
-