>
> Are we advocating security-by-obscurity here? Don't think for one
> minute that those who are interested in cracking Netscreen can't
> disassemble it and look for exploits. I know nothing about NetScreen,
> but if what you say is true, you've just given a very good reason *not*
> to use NetScreen.
In my opinion, 'security-by-obscurity' is two-edge sword, with both merit
and drawback. I'll consider to use this principle like every one in real
life. But I'll keep an eye on it though.
The true is, technically speaking, it generally harder for a hardcore
hacker (knowing how to code!) to find a OS level bug in a private OS.
simply because he did not have the source code. (application bug may be
other story).
The fact is there are bugs in ScreenOS. I remember a buffer overflow one
related to its build in httpd daemon. But generaly, I'm impressed with its
coding style (you can 'feel' it when you configure it) and the speed it
evolved (around 1 year for its first screenOS release, as I can remember).
Compared with Cisco software such as firewall manager... OH, boy!!
Netscreen is a serious choice. Go Netscreen!!
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Received on Jun 01 2001
Intro
