2016 Postmortem
In reply to the discussion: No surprise: Tech sites aren't buying DNC hysteria on breech
grendelsd (23 posts)
(Source: I have been a chief architect / VP of engineering for internet companies for the last 17 years.)
I am very confused by the explanations coming from the DNC and vendor. There is no such thing as a 'firewall' that works this way. This is not how databases and security systems work.
A firewall prevents improper connections to a server / network. For example, most web sites are behind firewalls that block all incoming traffic except on ports 80 and 443, which are the ports that web browsers hit (HTTP and HTTPS respectively).
Firewalls can also be configured to block people behind the firewall from getting to certain sites ("The Great Firewall of China" is just one example).
Firewalls in general do not filter or block content that is sent over one of the open points. Since they are probably using the secure protocol (HTTPS), that would be extraordinarily expensive.
More important, the content that was improperly served up was valid content that was sent to the wrong user. Firewalls have no concept of the person logging on. Identity would be handled by the web applications.
Since the web application knows the identity of the person accessing the site, it is responsible for serving up the content. This is usually done through some sort of access control list (ACL). This is very old and well known technology which even predates the internet.
Nothing in their explanation of what went wrong makes any sense at any level. The idea that you could 'turn off' a firewall and give someone access to content is, well, basically, insane. In nerd speak, 'it does not parse'.
To get the effect they had, someone would have to have either screwed up the initial configuration of the ACLs or purposefully reconfigured them. The former is incompetence, the latter, well, why?
There are many other technical details and safeguards that would have 'come out of the box', meaning they are basically free to implement.
I will be happy to answer any questions.
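The distinction drawn in the post above, as an added example that is not part of the original post: a port-filtering firewall decides on connection metadata only, while the web application's ACL decides per logged-in identity, so only an ACL mistake can serve valid content to the wrong user. The tenant names, session tokens, record names and function names are all hypothetical.

```python
from dataclasses import dataclass

# Firewall rule from the post: only HTTP and HTTPS are allowed in.
ALLOWED_PORTS = {80, 443}

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes  # HTTPS ciphertext: opaque to the firewall

def firewall_allows(pkt: Packet) -> bool:
    """Port filter: sees address and port, never who is logged in."""
    return pkt.dst_port in ALLOWED_PORTS

# Constructed sample data (hypothetical tenants, sessions and records).
SESSIONS = {"token-alice": "tenant-a", "token-bob": "tenant-b"}

# Application-layer ACL: record -> tenants allowed to read it.
ACL_CORRECT = {"records-a": {"tenant-a"}, "records-b": {"tenant-b"}}
# Misconfigured ACL: tenant-b wrongly listed on tenant-a's record.
ACL_MISCONFIGURED = {"records-a": {"tenant-a", "tenant-b"},
                     "records-b": {"tenant-b"}}

def app_allows(acl: dict, session_token: str, record: str) -> bool:
    """Deny by default: unknown session, unknown record or unlisted tenant."""
    tenant = SESSIONS.get(session_token)
    if tenant is None:
        return False
    return tenant in acl.get(record, set())

def handle(acl: dict, pkt: Packet, session_token: str, record: str) -> str:
    """Request path: firewall first, then the application's identity check."""
    if not firewall_allows(pkt):
        return "dropped-by-firewall"
    if not app_allows(acl, session_token, record):
        return "403-denied-by-app"
    return "200-served"

if __name__ == "__main__":
    https = Packet("203.0.113.7", 443, b"\x17\x03\x03...")  # constructed
    # Same packet, same firewall verdict; only the ACL changes the outcome.
    print(handle(ACL_CORRECT, https, "token-bob", "records-a"))
    print(handle(ACL_MISCONFIGURED, https, "token-bob", "records-a"))
```

The firewall's verdict is identical for both requests; the cross-tenant read succeeds only when the ACL itself is wrong.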