Monday, January 11, 2010

firewall-wizards Digest, Vol 45, Issue 3

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Use of single port aggregations to enhance security (ArkanoiD)
2. Volunteers wanted for IPsec configuration experiment
(Steven Bellovin)


----------------------------------------------------------------------

Message: 1
Date: Sat, 9 Jan 2010 11:26:15 +0300
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Use of single port aggregations to enhance
security
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20100109082615.GA27953@eltex.net>
Content-Type: text/plain; charset=koi8-r

I thought *every* operating system follows the rule "apply
packet filtering first, bring interfaces up later" nowadays?

On Wed, Jan 06, 2010 at 06:12:46AM +1100, Darren Reed wrote:
> So what difference can this make?
>
> If you're using an operating system based firewall (Linux,
> BSD, Solaris), then depending on the order of the operating
> system enabling firewall capabilities vs networking, there
> may be windows where packets are able to reach code paths
> that they weren't intended for because nic drivers start
> servicing packets quite early.

------------------------------

Message: 2
Date: Sun, 10 Jan 2010 15:19:30 -0500
From: Steven Bellovin <smb@cs.columbia.edu>
Subject: [fw-wiz] Volunteers wanted for IPsec configuration experiment
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <D9042048-9CEF-4D68-B57E-AF61EAAF71E5@cs.columbia.edu>
Content-Type: text/plain; charset=us-ascii

We've devised a new IPsec configuration mechanism, and we're performing a controlled experiment comparing it to today's mechanisms. Accordingly, we're looking for volunteers to participate in our study. (It's been submitted to and approved by the university's Institutional Review Board (IRB).)

So -- we're looking for volunteers who are generally familiar with how IPsec works, but haven't actually configured it anywhere. (The former does, I think, describe most subscribers to this list...) The study will take place during the second half of January; we expect it to take 2-3 hours. There will be modest compensation to participants.

I'm being deliberately vague on details of our scheme, for fear of biasing the results. We will make details available as soon as possible, and we plan to release our code under an open source license.

If you're interested, please contact me.

--Steve Bellovin, http://www.cs.columbia.edu/~smb

------------------------------

