Date: Wed, 11 May 2011 19:31:01 +0200
From: phocean <0x90@...cean.net>
To: "Dobbins, Roland" <rdobbins@...or.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Sony: No firewall and no patches

On Wednesday, 11 May 2011 at 17:15 +0000, Dobbins, Roland wrote:
> On May 12, 2011, at 12:09 AM, phocean wrote:
> 
> > I still don't see how the hell the typical web server will handle as much traffic as one of these Checkpoint, Cisco or whatever monsters.
> 
> That's the dread secret - they aren't really 'monsters'.

When I look at the specs of high-end machines from most makers, they are,
and they outmatch most x64 servers. Do you mean they lie?
I don't mean to defend them, I really don't care, but can you develop?

> 
> > But on a large network with inter-vlan filtering, it matters a lot. Believe me, this one is based on my operational experience.
> 
> Size <> complexity, complexity <> size.  They are orthogonal concepts.  Small networks can be complex, large networks can be simple.

OK. First, English is not my mother language, so I try to be precise, but
that is not always easy :)
Second, I am talking about rule sizes, not network sizes, and by
complexity, I wanted to address the ease of administration. You will
certainly agree that the more rules there are, the more risk there is
of human mistake.
Reducing rules by something like 70% is an improvement and an advantage
that stateful can have.

> 
> > I still trust more the network stack of a Linux/BSD/IOS dedicated box than the one of a Windows Server.
> 
> Sure - but that has nothing to do with the 'sanity checks' and 'inspectors', which are custom-coded.
> 
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins@...or.net> // <http://www.arbornetworks.com>
> 
> 		The basis of optimism is sheer terror.
> 
> 			  -- Oscar Wilde
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

