[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Sidewinder G2
- To: <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Sidewinder G2
- From: "Schmehl, Paul L" <pauls@utdallas.edu>
- Date: Thu, 20 Nov 2003 10:24:40 -0600
> -----Original Message-----
> From: Ron DuFresne [mailto:dufresne@winternet.com]
> Sent: Thursday, November 20, 2003 9:21 AM
> To: Schmehl, Paul L
> Cc: full-disclosure@lists.netsys.com
> Subject: RE: [Full-Disclosure] Sidewinder G2
>
>
> >
> > 3) What happens when Sidewinder fails? Does it fail open?
> If it does
> > (and it should), is their version of sendmail still
> protected? Or is
> > it sitting on the Internet bare-ass naked, waiting to be 0wn3d?
>
> it should fail "closed", preventing any traffic from passing,
> otherwise you have a door stop.
Maybe your network policy states that, but I would prefer for single
point of failure devices to fail open, rather than closed. For us,
network availability is a higher priority than protection is. If the
firewall fails, I don't want the entire network down while we're waiting
for a vendor to fix it. I'd be surprised if most networks aren't that
way.
Now, if it's something really critical *inside* the network that is
protected by a firewall, then you might want it to fail closed, but at
the edge?
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html