| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1305135061.26856.27.camel@subarashii> Date: Wed, 11 May 2011 19:31:01 +0200 From: phocean <0x90@...cean.net> To: "Dobbins, Roland" <rdobbins@...or.net> Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: Sony: No firewall and no patches Le mercredi 11 mai 2011 à 17:15 +0000, Dobbins, Roland a écrit : > On May 12, 2011, at 12:09 AM, phocean wrote: > > > I still don't see how the hell the typical web server will handle as much traffic as one of these Checkpoint, Cisco or whatever monsters. > > That's the dread secret - they aren't really 'monsters'. When I look at the specs of high end machines of most makers, they are and they outmatch most of x64 servers. Do you mean they lie? I don't mean to defend them, I really don't care, but can you develop? > > > But on a large network with inter-vlan filtering, it matters a lot. Believe me, this one is based on my operational experience. > > Size <> complexity, complexity <> size. They are orthogonal concepts. Small networks can be complex, large networks can be simple. Ok. First English is not my mother language, so I try to be precise but that not always easy :) Second, I am talking about rules sizes, not network sizes, and by complexity, I wanted to address the ease of administration. You will certainly agree that the more rules there are, the most risks there are of human mistake. Reducing rules by something like 70% in an improvment and an advantage that stateful can have. > > > I still trust more the network stack of a Linux/BSD/IOS dedicated box than the one of a Windows Server. > > Sure - but that has nothing to do with the 'sanity checks' and 'inspectors', which are custom-coded. > > ----------------------------------------------------------------------- > Roland Dobbins <rdobbins@...or.net> // <http://www.arbornetworks.com> > > The basis of optimism is sheer terror. > > -- Oscar Wilde > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists