Re: Most Popular Hardware Firewalls?

Leythos wrote:

>>> That's where you're confused, they are watched at the right point, in
>>> fact at multiple points.
>> Behind their back / on the screen? All the time?
>
> Nope, don't need to watch them directly, they can't do anything that
> can't be seen over the network.

Are you watching the screen over the network or just the network traffic?

>>> Not only IS it practical, it's done by normal practice in many
>>> companies, at least the ones that want to be secure. And this doesn't
>>> even take into account the Mandatory Security settings that can be
>>> pushed out via GP to the workstations for IE.
>> There is no secure configuration for IE, neither would it be practical.
>
> The you don't know much about it and how to set it up.

Believe me, I do. I'm currently maintaining an IE security vulnerability
database and I can even assign relevant code parts from the Win2KSP1
source for detailed understanding of the issues.

And it's fun that you can't even use user-definied stylesheets to
circumvent certain boundary errors within the CSS parser which are
invoked from a malicious website.

>> Someone who still believes in Enumerating Badness...
>
> What does that make you - someone that doesn't know how to secure a
> network, it's simple, you just have to know enough.

I know how to secure a network, just properly. And still you don't want
to understand what vulnerabilities MSIE exposes, which one can and which
can't be effectively countered. Just as I told above one simple
unpatched bug would basically force you to filter out all CSS
stylesheets, which would render most websites pretty useless.
Received on Mon May 1 00:53:24 2006