RE: [fw-wiz] A little paranoia for the weekend...

From: Paul Robertson (proberts_at_patriot.net)
Date: 07/29/03

  • Next message: Frank Knobbe: "Re: [fw-wiz] DNS records for a firewall NAT pool" 
    To: "Behm, Jeffrey L." <BehmJL@bvsg.com>
Date: Tue, 29 Jul 2003 17:43:10 -0400 (EDT)

    On Tue, 29 Jul 2003, Behm, Jeffrey L. wrote:

    > >From the other side of the coin:
    >
    > But if the credential is lost, isn't the data history as well?

    Generally, yes, however it's not always the case. If, for instance, I
    time and trip limit remote access to a resource, then the credential's
    lifetime is limited. It always concerns me when we look at point
    solutions instead of solving classes of problems- and this is classic-
    from the technologist's standpoint, limiting the credential is most of the
    point. Very few technologists (and yes, I'm overgeneralizing) deal with
    trade secrets, business secrets, etc.

    I'm a lot like Arkady, my data isn't always all that important, so fixing
    the credential problem makes sense. But when that solution gets rolled
    out to the general user population, we get a threat and protection
    mismatch. Like with SSL, we're focusing on the wrong part of the problem-
    moving the encrypted data down to a trusted host (like the cellular phone
    cited) is a good solution, and fixes the issue in a much more effective
    manner (assuming a lot of prerequisites, but hey...)

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Frank Knobbe: "Re: [fw-wiz] DNS records for a firewall NAT pool"

    Relevant Pages

    • Re: Microsoft: Change to IE will block some Web URLs
      ... Ah OK Paul, I have to admit, the message somewhat lost me! ... >> You lost me totally George. ... > He is under the mistaken illusion that what Microsoft is doing is a bad ...
      (microsoft.public.security)
    • Re: Human brain on an evolutionary sprint!
      ... Paul Crowley wrote: ... Sorry, I'm still lost. ... theory is to explain the selective origin of homind traits. ... > There are trees that work with ants; ...
      (sci.anthropology.paleo)
    • Re: Are orgasms proof of God?
      ... Yes, top poaster. ... I lost my virginity on ... with her for being a crazy ass bitch. ... Paul ...
      (rec.sport.football.college)