Search This Blog

Thursday, May 20, 2010

firewall-wizards Digest, Vol 49, Issue 10

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: a cutting-edge open-source network security project
(Thomas Ptacek)


----------------------------------------------------------------------

Message: 1
Date: Wed, 19 May 2010 12:00:12 -0500
From: Thomas Ptacek <tqbf@matasano.com>
Subject: Re: [fw-wiz] a cutting-edge open-source network security
project
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: firewall-wizards@listserv.cybertrust.com
Message-ID: <3F825805-D8D9-4181-8880-173B001E9DFF@matasano.com>
Content-Type: text/plain; charset="us-ascii"

You're right, but that's kind of a straightforwardly-solved problem, isn't it? Just park it behind SSH.

The heresies involved in Travis' project are much more violent than the command/control channel. Interested in your real thoughts.

On May 18, 2010, at 7:49 PM, Darren Reed wrote:

> On 2/05/10 03:48 PM, travis+ml-firewalls@subspacefield.org wrote:
>> Quoting:
>> http://www.subspacefield.org/security/dfd/
>>
> ...
>
> How do you authenticate connections to the dfd daemon?
>
> If all I need is netcat (as per the example in your web
> page above), then that doesn't speak too highly of the
> security of the daemon itself.
>
> Are you effectively giving all users that can connect
> to it root level privilege on the firewall?
>
> Darren
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


---
Thomas Ptacek // matasano security // founder, product manager
read us on the web: http://chargen.matasano.com
check out playbook: http://runplaybook.com
reach me direct: 888-677-0666 x7805

"The truth will set you free. But not until it is finished with you."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2417 bytes
Desc: not available
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20100519/aa627481/attachment-0001.bin>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 49, Issue 10
************************************************

No comments: