|
Firewall Wizards
mailing list archives
Re: Vulnerability Response (was: BGP TCP RST Attacks)
From: "M. Dodge Mumford" <dodge () dmumford com>
Date: Tue, 1 Jun 2004 12:00:33 -0400
Paul D. Robertson said:
If it can't be attacked, then arguably, it doesn't need to be fixed.
That sentiment surprises me a bit. It appears to me to violate the concept
of defense in depth. Blocking the exploit path to a vulnerability may
mitigate the risk greatly, but the vulnerability still remains. In your
instance, the exploit path would involve attacking your host operating
system that's performing the firewalling.
I would think the point of mitigating the risk is to buy you time to fix the
vulnerability. That "time to fix" may be "until Longhorn is released." Which
assumes that Longhorn (or, broadly, version++) will fix the vulnerability.
--
Dodge
Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- RE: Vulnerability Response (was: BGP TCP RST Attacks), (continued)
RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)
Re: Vulnerability Response (was: BGP TCP RST Attacks) R. DuFresne (Jun 01)
RE: Vulnerability Response (was: BGP TCP RST Attacks) R. DuFresne (Jun 01)
|
Intro
