At 10:09 PM 7/21/96 -0400, you wrote:
Frank Willoughby <frankw@in.net> wrote:
FWIW, of @70 firwalls on the market, only @5 are adequate to protect a company from the hazards of the Internet.
Ah, Frank, are you talking here about session hijacking and is end-to-end crypto the defining factor of the robust five?
Of course (Vin already knew the answer). 8^) To answer the other questions posed on this list, the vendors who are relatively immune to the above attacks AND are Application Gateway type firewalls are: (in alphabetical order): Digital's Firewall for Unix - *IF* the IP Encryption Tunnel is also used Raptor's Eagle Technologics' firewall (This is a stretch. They claim they have encryption, but I'm not wild about the implementation) 1/2 a point TIS Gauntlet V-One's SmartWall Interestingly enough, the reason the 5 are so robust is that they employ user->firewall encryption to help prevent session hijacking attacks. FWIW, session hijacking isn't a theoretical attack. It is a serious threat and (sadly) it's as simple as "point & click". Another plus for good crypto - it not only helps protect the privacy of data, it also helps prevent some types of hacking attacks. Anyone can do firewall->firewall encryption (and most serious vendors do). The hard part is getting the user->firewall encryption part to work well. Again, as stated in my previous mail, my company doesn't sell firewalls, so I can call things the way I see them. As the above list will probably draw the flames of firewall vendors who feel insulted that they aren't part of the list, I think it would be best to move this topic over to the firewalls mailing list (where it really belongs). See you there.
Suerte, _Vin
Vin McLellan +The Privacy Guild+ <vin@shore.net> 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548 <*><*><*><*><*><*><*><*><*>
Best Regards, Frank Any sufficiently advanced bug is indistinguishable from a feature. -- Rich Kulawiec <standard disclaimer> The opinions expressed above are of the author and may not necessarily be representative of Fortified Networks Inc. Fortified Networks Inc. - Information Security Consulting http://www.fortified.com Phone: (317) 573-0800 FAX: (317) 573-0817 Home of the Free Internet Firewall Evaluation Checklist