Firewall Wizards mailing list archives

Re: Firewall administration and thoughts cont.


From: Mark Teicher <mht () clark net>
Date: Sat, 04 Oct 1997 08:40:29 -0400

Rik,

I would like to add the following to your points:

In discussing either firewall administration or cars, I am under the
impression that in using/installing/designing/evaluating or whatever that
software and/or hardware that we use to connect/secure/extend sites to the
internet/intranet, people sometimes overlook the common sense type things.
One issue is: Software and/or Hardware license agreements.  This issue
tends to concern me since sometimes software/hardware companies imply
certain warranties or certain liabilities depending on what the software
and/or hardware actually can provide in design, function, or action but
never fully document these types of items until an incident occurs.

To address the car issue: I would also like to add the following: a car
designer named Preston Tucker introduced breakaway windshields, seatbelts
and turning headlights to help prevent some of the incidents you describe
below.  The Big Three carmakers saw this as a threat, that those types of
incidents never were well documented, and that the implied warranty (never
documented) of the car was that it was overall safe and could transport
people to other destinations.  The accounting type people at the Car
Manufacturers did not want to state in public their implied warranty until
something happened.  That implied warranty protected them from major
financial damage when a major car incident occurred due to a flaw in their
design but they had also calculated an acceptable sum to pay out in damages
also and never had to admit real guilt.


Since that time, agencies (Ralph Nader's organization), research
laboratories, magazines (Consumer Reports, Road & Track, on and on), etc.
have dedicated time to ensuring the public that the cars they drive are
somewhat safe.  Whether that assists us in making decisions about cars or
firewall/internet/security products is a whole other story in itself.

"Buyer Beware" 

/mht


At 11:56 AM 10/3/97 -0700, Rik Farrow wrote:
Firewalls are intended to be security devices, and are supposed to
help keep networks safe.  What I find disturbing is the most popular
firewall products are actually designed in an unsafe manner.  That
is, the person configuring the firewall is encouraged to do the wrong
thing.

I have come up with what I call Farrow's corollary to Murphy's law:
good designs are difficult or impossible to use in an unsafe manner.
Let's look at an example which has nothing to do with firewalls, but
does provide an excellent example of unsafe design.  

In the fifties, one large car manufacturer designed car door handles
which locked if you pressed them down, and unlocked and opened when
pulled up.  A competing manufacturer inverted the design:  by pressing
down on the handle, the door unlocked then unlatched, and pulling up
on the handle locked the door.

In the fifties, only race car drivers wore seatbelts.  Ordinary car
passengers were considered lucky if they were thrown clear (well,
through the windshield) in case of a collision.  Children rode in
the back seat, a wide, featureless, bench, and could be rolled from
side to side when going around corners.  In cars with the second 
design, it was common for the kiddies to fall against the door, press
down on the handle (opening the door), and fall out of the turning car.
The door design, which unlocks and opens when someone depresses
(or falls against) it, is a good example of an inherently unsafe
design.

Now for firewalls.  Many firewall products include point-and-click
support for passing dangerous services through the firewall.  By
Farrow's corollary, these firewalls are designed unsafely--it is easy,
even trivial, to do the wrong thing.  Given the public's general
belief that having a firewall "makes their network safe", firewalls
providing an interface which makes DOING THE WRONG THING EASY should
be avoided.

While having a GUI is not necessarily evil in itself, having any
interface which makes it easy to configure a firewall in an unsafe
manner is evil...

Rik Farrow
rik () spirit com


--------------------------------
Mark Teicher
CASSIE Enterprises & Trust
email:mht () clark net
Fingerprint:

1228 4108 80F4 6D3A 1392  9BE1 41C7 910A E210 C7FE


