Re: [fw-wiz] Firewalls and 802.1q trunking

From: Mike Hoskins (mike@adept.org)
Date: 12/14/02


From: Mike Hoskins <mike@adept.org>
To: firewall-wizards@honor.icsalabs.com
Date: Sat Dec 14 19:34:16 2002

From: t <miedaner@twcny.rr.com>
> I like to say you that I can grab an employee by the collar and make him
> stop what he is doing or prosecute.

How about disgruntled employees with inside knowledge? I don't like
some of the hype surrounding many Internet-related statistics (they're
generally made up to sell the product at hand), but you should also never
get in the habit of dismissing potential threats. Trust noone. Also,
it's typically cheaper to prepare than to deal with the mess after the
fact (and explain potential downtime or data loss to clients).

"Marcus J. Ranum" wrote:
> The "80% of attacks come from the inside" statistic that
> has been broadly quoted by INFOSEC practitioners is, as far
> as I can tell, completely made up. In fact, the shocking
> results of a recent study revealed that 99.5% of statistics
> regarding Internet Security are made up, or otherwise based
> on flawed assumptions.*

99.5% of statistics are made up. That's the game statisticians (get paid
to) play. ;)

In general, if you just go around grabbing statistics without any attempt
to verify data yourself or apply the results of the lated studies to your
specific installation, needs, etc... You'll waste a lot of money and end
up with a security infrastructure that looks something like swiss cheese.
If you're a security person, you're tasked with asset identification, risk
analysis, etc. Don't trust other people to do your work for you... That
goes for most things in life.

--
Mike Hoskins		This message is RFC 1855 compliant,
mike@adept.org		www.adept.org/pub/rfcs/rfc1855.html


Relevant Pages

  • Feed Data from Multiple worksheets to a Summary Worksheet
    ... I have a workbook with worksheets for every employee on a certain ... pertinent data from each employee compiled on a summary page in the ... New statistics for each employee will be entered on a regular basis ... and don't want to adjust what cells are being looked at. ...
    (microsoft.public.excel.worksheet.functions)
  • Re: HR Harassment...
    ... collect statistics about the races of all employees. ... should/shouldn't have laws of the sort to which "McGyver" referred. ... an employee may be included in whatever ...
    (misc.legal)
  • Re: Root exploit for FreeBSD
    ... This was rejected in favor of me doing security research for ... students followed suit with the dean and tried arguing with me that my code ... mentioned grad students) if it's not "mainstream thinking"...I feel sorry ... I'd skip the statistics in favor of putting together a resume. ...
    (freebsd-questions)
  • Re: Root exploit for FreeBSD
    ... This was rejected in favor of me doing security research for ... students followed suit with the dean and tried arguing with me that my code ... mentioned grad students) if it's not "mainstream thinking"...I feel sorry ... I'd skip the statistics in favor of putting together a resume. ...
    (freebsd-current)
  • RE: How to create security awareness in top management
    ... Some pretty good statistics throughout. ... on specific incidents, but when talking to top management, this has some ... pretty good points that focus on the business aspects of security. ... How to create security awareness in top management ...
    (Security-Basics)