Re: Ability to withstand well known attacks

[Neal Ziring <nziring@thecouch.ncsc.mil>]

Dan and everybody,

> ACLs often have undesirable and significantly negative performance impact.
Well, according to one of the other rules in the
-00 draft, ACLs shouldn't have any performance
impact.  In some respects, I think some of the
requirements that give both functional and
performance criteria may also be difficult for
some vendors to satisfy.  (Also, what consistitutes
'no impact'?   If I have a 1000-rule ACL, and it
imposes a 3% throughput penalty, is that good enough?
How about 200 rules and 5%?   There's no free lunch -
on a fast enough link, I suspect some performance
impact is inevitable for complex ACLs.)

Also, I'm worried about the definition of 'known
vulnerabilities' in the requirement.  Known to whom?
How long do they have to be known.  I agree with the
spirit of the requirement, but I just can't think of
any good way to express it that will be objectively
testable (same for 'no impact on performance').

BTW, I very much enjoyed Chris's description of
hitting Cisco devices with Nessus.

...nz