| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <15533237421C6E4296CC33A2090B224A54C807@UTDEVS02.campus.ad.utdallas.edu> From: pauls at utdallas.edu (Schmehl, Paul L) Subject: Sidewinder G2 > -----Original Message----- > From: Ron DuFresne [mailto:dufresne@...ternet.com] > Sent: Thursday, November 20, 2003 9:21 AM > To: Schmehl, Paul L > Cc: full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] Sidewinder G2 > > > > > > 3) What happens when Sidewinder fails? Does it fail open? > If it does > > (and it should), is their version of sendmail still > protected? Or is > > it sitting on the Internet bare-ass naked, waiting to be 0wn3d? > > it should fail "closed", preventing any traffic from passing, > otherwise you have a door stop. Maybe your network policy states that, but I would prefer for single point of failure devices to fail open, rather than closed. For us, network availability is a higher priority than protection is. If the firewall fails, I don't want the entire network down while we're waiting for a vendor to fix it. I'd be surprised if most networks aren't that way. Now, if it's something really critical *inside* the network that is protected by a firewall, then you might want it to fail closed, but at the edge? Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists