[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sidewinder G2

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Sidewinder G2
From: Shawn McMahon <smcmahon@eiv.com>
Date: Thu, 20 Nov 2003 12:10:27 -0500

Schmehl, Paul L wrote:


Maybe your network policy states that, but I would prefer for single
point of failure devices to fail open, rather than closed.  For us,
network availability is a higher priority than protection is.  If the
firewall fails, I don't want the entire network down while we're waiting
for a vendor to fix it.  I'd be surprised if most networks aren't that
way.

The problem with this, as I'm sure you know (but it bears repeating for the peanut gallery) is that it turns any DoS on your firewall into an instant security hole. That escalates the severity of DoS bugs on the firewall, which greatly increases the need to upgrade it when they're found, which can increase your downtime.

Attachment: pgp00087.pgp
Description: PGP signature

Follow-Ups:
- Re: [Full-Disclosure] Sidewinder G2
  - From: Michael Gale <michael@bluesuperman.com>

References:
- RE: [Full-Disclosure] Sidewinder G2
  - From: "Schmehl, Paul L" <pauls@utdallas.edu>

Prev by Date: [Full-Disclosure] Download.trojan appdl[1].exe
Next by Date: RE: [Full-Disclosure] Sidewinder G2
Previous by thread: RE: [Full-Disclosure] Sidewinder G2
Next by thread: Re: [Full-Disclosure] Sidewinder G2
Index(es):
- Date
- Thread