Proxy 2.0 secure?

Vanja Hrustic vanja@siamrelay.com
Fri, 26 Jun 1998 23:50:31


At 03:50 PM 6/25/98 -0400, Brian Steele wrote:
>The test covers the security performance of NT-based firewall systems in the
>ideal security environment, I agree.  The test do not show how that could be
>expected to perform security-wise if you were moronic enough to leave gaping
>holes in your access mechanism via test accounts, alternate access paths and
>the like.
>
>But should they?
>
>I think we may be mixing up the testing of an application's security control
>mechanisms with a company's security implementation utilizing that
>application. Or looking at it from another direction, if someone implements
>MSP 2.0 and then removes all packet filtering, is this security hole the
>fault of MSP 2.0 or the sysadmin who removed the filters?

I'm sorry if I wasn't clear.

=====[Quote from my mail]=================================================

[just to prevent 'flames', this comment was directed to 'real-world
testing', not to 'is ms proxy 2.0 secure enough?', or "is it sysadmins
fault to have test/nasa account?"]

==========================================================================

Thanks.

Vanja

Vanja Hrustic
Information Systems Manager
Siam Relay Ltd.
http://www.siamrelay.com
vanja@siamrelay.com
Phone: +662-616-8628
Fax  : +662-272-6516