Firewall Wizards mailing list archives

Re: SANS Top Ten and Commercial Firewalls


From: Devdas Bhagat <dvb () users sourceforge net>
Date: Fri, 4 Oct 2002 11:30:58 +0530

On 03/10/02 11:34 -0400, Paul D. Robertson wrote:
On Thu, 3 Oct 2002, Anton A. Chuvakin wrote:

proftpd, vsftpd, pureftpd
...
Postfix/Qmail
...

Is there any evidence that helps decide whether it's more secure because
it's written better or because it's used less?

(A) Project history- Postfix and Qmail have held up well, proftpd erm, 
hasn't.  I haven't followed the other two, since FTP is on my list of "Horribly 
broken protocols I'll never support."
I'll agree with this. Proftpd has not had a showstopping bug except for
a DOS due to globbing (IIRC). There have been minor bugs, but none of
them were the security kind.
I haven't run an ftpd for quite some time, and when I was looking (about
Nov/Dec 2000), proftpd was the best choice due to its easy config and
relative security. Current status is a wholly different issue.

(B) Look at the code.
This always works, but it's a question of time on the security people's
part.
 
(C) Developer history.
Good stance to go by for first filtering.

(D) Developer's understanding of the protocol and its weaknesses.
Difficult to judge rapidly, since the weaknesses are usually at the
boundaries. Also, the developer's understanding of the language used.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

