Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: B. Scott Harroff (Scott.Harroff@att.net)
Date: 08/23/02
- Next message: David Lang: "Re: [fw-wiz] X11 forwarding"
- Previous message: hermit921: "[fw-wiz] X11 forwarding"
- In reply to: Adam Shostack: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- Next in thread: Dave Piscitello: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- Reply: Dave Piscitello: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "B. Scott Harroff" <Scott.Harroff@att.net>
To: "Adam Shostack" <adam@homeport.org>
Date: Fri Aug 23 17:32:18 2002
I believe authentication is necessary since one can't positively identify
all the potential weapons in outbound traffic. At the port level, yes, one
can recognize outbound KaZaa, PC-Anywhere, VPN traffic, Instant Messaging,
and SMTP/POP traffic from unauthorized mail sources, etc., and stop it
(recognizing the weapon/hostile intent). Having the authentication
information to send a brief "Don't do that, it's against policy" message is
useful in this circumstance.
One can even recognize outbound Code Red in HTTP traffic and stop it (now,
having authentication to identify the infected PC/user becomes very useful).
In real time, one cannot positively recognize whether the other outbound
traffic to a site is hostile or not (porn, for example). That's when positive
authentication is necessary. One needs to know it's positively Jane Doe that
went to the porn site (which is against policy), or that it was someone who
sat down at her authenticated workstation when she walked away without
logging off (which is against policy), before disciplinary actions are initiated.
----- Original Message -----
From: "Adam Shostack" <adam@homeport.org>
To: "B. Scott Harroff" <Scott.Harroff@att.net>
Cc: <firewall-wizards@honor.icsalabs.com>
Sent: Thursday, August 22, 2002 7:49 PM
Subject: Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
> On Thu, Aug 22, 2002 at 12:32:24PM -0400, B. Scott Harroff wrote:
> | In my humble opinion, corporate security people not authenticating and
> | filtering/monitoring traffic heading off the corporate network is like
> | airport personnel not verifying the identities of individuals who are on
> | an outbound airplane, or checking what they are carrying. 99.99% of the
> | time nothing happens; that last 1% can be very painful though.
>
> This is one of my pet peeves: Verifying my identity wasn't what was
> needed; verifying that I don't have hostile intent was. Today, the
> verification that I'm without weapons is probably sufficient, given
> that passengers are likely to fight, expecting to die anyway. Then
> there's the question of whether weapons were left aboard for you, but that's
> incidental: You could answer the question as well with passengers
> who are anonymous.
>
> And incidentally, your math is off by two orders of magnitude. ;)
>
> Adam
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
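The egress policy Harroff sketches above (block traffic that is recognizable as a "weapon" by destination port or by content, such as Code Red in HTTP, and attribute everything else to an authenticated user so policy follow-up is possible) can be shown as a small checker. This is an added illustration written for this archive page, not code from the original post or from any product the thread mentions. The well-known port numbers, the connection-record format, the authentication table and the simplified Code Red request pattern are all assumptions constructed for the example; a real deployment would take the records from a firewall and the user mapping from an authentication or NAC system.

```python
"""Egress-policy check over constructed outbound connection records.

Added example for the firewall-wizards thread; not code from the original
post. The log format, user table, port list and worm signature below are
assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed: internal hosts permitted to originate SMTP/POP traffic.
AUTHORIZED_MAIL_HOSTS = {"10.0.0.25"}

# Constructed: authentication table (source IP -> logged-in user).
# A real system would consult a directory, NAC or proxy authentication log.
AUTHENTICATED_USERS = {
    "10.0.1.17": "jane.doe",
    "10.0.1.42": "john.roe",
    "10.0.0.25": "svc-mailrelay",
}

# Port-level "weapon" recognition. The service names are assumptions about
# well-known default ports, not a positive identification of the protocol.
PORT_POLICY = {
    1214: "KaZaa",
    5631: "PC-Anywhere",
    5632: "PC-Anywhere",
    1723: "VPN (PPTP)",
    5190: "Instant Messaging (AIM)",
}
MAIL_PORTS = {25: "SMTP", 110: "POP3"}

# Code Red probed IIS with a GET for /default.ida followed by a long run of
# filler bytes. This simplified pattern is an assumption for the example.
CODE_RED_RE = re.compile(r"GET /default\.ida\?[NX]{100,}", re.IGNORECASE)


@dataclass
class Verdict:
    action: str           # "allow", "block" or "alert"
    reason: str
    user: Optional[str]   # authenticated identity, if the source has one


def evaluate(src_ip: str, dst_port: int, payload: str = "") -> Verdict:
    """Apply the egress policy to one outbound connection record."""
    user = AUTHENTICATED_USERS.get(src_ip)

    # Worm traffic is recognizable by content: block it, and the verdict
    # carries the authenticated user so the infected PC can be identified.
    if dst_port == 80 and CODE_RED_RE.search(payload):
        return Verdict("block", "Code Red HTTP signature", user)

    # Recognizable by port alone (hostile intent inferred from the protocol).
    if dst_port in PORT_POLICY:
        return Verdict("block", f"{PORT_POLICY[dst_port]} not permitted", user)

    # Mail is allowed only from the authorized relay hosts.
    if dst_port in MAIL_PORTS and src_ip not in AUTHORIZED_MAIL_HOSTS:
        return Verdict("block", f"{MAIL_PORTS[dst_port]} from unauthorized mail source", user)

    # Anything else (e.g. ordinary HTTP) cannot be judged hostile in real
    # time. It is allowed, but only if it can be attributed to a user.
    if user is None:
        return Verdict("alert", "unauthenticated source; cannot attribute", None)
    return Verdict("allow", "no port/content match", user)


def parse_record(line: str) -> Tuple[str, int, str]:
    """Parse a constructed record of the form 'src_ip dst_port [payload]'."""
    src, port, *rest = line.split(" ", 2)
    return src, int(port), rest[0] if rest else ""


def run(lines: List[str]) -> List[Verdict]:
    return [evaluate(*parse_record(line)) for line in lines]


SAMPLE_RECORDS = [  # constructed for this example
    "10.0.1.17 1214",
    "10.0.1.42 25",
    "10.0.0.25 25",
    "10.0.1.17 80 GET /default.ida?" + "N" * 224 + "%u9090 HTTP/1.0",
    "10.0.1.17 80 GET /index.html HTTP/1.0",
    "10.0.1.99 80 GET /index.html HTTP/1.0",
]

if __name__ == "__main__":
    for rec, v in zip(SAMPLE_RECORDS, run(SAMPLE_RECORDS)):
        who = v.user or "<unknown user>"
        print(f"{v.action:5} {rec.split(' ', 2)[0]:<10} {who:<14} {v.reason}")
```

The point of the last two branches is the one the thread argues over: a port or content match lets the filter act without knowing who the user is, but for the plain HTTP request to an arbitrary site the checker can only record the identity and leave the policy judgement to a person, and a source with no authenticated user gets an alert rather than an allow because nothing could be attributed later.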