RE: [fw-wiz] A little paranoia for the weekend...

From: Paul Robertson (proberts_at_patriot.net)
Date: 07/29/03

Next message: Frank Knobbe: "Re: [fw-wiz] DNS records for a firewall NAT pool"

Previous message: Paul Robertson: "[fw-wiz] Spam."
In reply to: Behm, Jeffrey L.: "RE: [fw-wiz] A little paranoia for the weekend..."
Next in thread: Joseph Steinberg: "Re: [fw-wiz] A little paranoia for the weekend..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Behm, Jeffrey L." <BehmJL@bvsg.com>
Date: Tue, 29 Jul 2003 17:43:10 -0400 (EDT)

On Tue, 29 Jul 2003, Behm, Jeffrey L. wrote:

> >From the other side of the coin:
>
> But if the credential is lost, isn't the data history as well?

Generally, yes, however it's not always the case. If, for instance, I
time and trip limit remote access to a resource, then the credential's
lifetime is limited. It always concerns me when we look at point
solutions instead of solving classes of problems- and this is classic-
from the technologist's standpoint, limiting the credential is most of the
point. Very few technologists (and yes, I'm overgeneralizing) deal with
trade secrets, business secrets, etc.

I'm a lot like Arkady, my data isn't always all that important, so fixing
the credential problem makes sense. But when that solution gets rolled
out to the general user population, we get a threat and protection
mismatch. Like with SSL, we're focusing on the wrong part of the problem-
moving the encrypted data down to a trusted host (like the cellular phone
cited) is a good solution, and fixes the issue in a much more effective
manner (assuming a lot of prerequisites, but hey...)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Frank Knobbe: "Re: [fw-wiz] DNS records for a firewall NAT pool"

Previous message: Paul Robertson: "[fw-wiz] Spam."
In reply to: Behm, Jeffrey L.: "RE: [fw-wiz] A little paranoia for the weekend..."
Next in thread: Joseph Steinberg: "Re: [fw-wiz] A little paranoia for the weekend..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: The moron scorecard
... are more of a loser than Dr. Paul is. ... stupid to even know just how dumb you are. ... It's not like he just barely lost. ... But true believers, like I Love China Bob, will moronically claim he lost because the convention was "brokered" despite the fact that the eventually winner would have done so by winning the required delegates in open free elections of his party's supporters. ...
(misc.taxes)
Re: Microsoft: Change to IE will block some Web URLs
... Ah OK Paul, I have to admit, the message somewhat lost me! ... >> You lost me totally George. ... > He is under the mistaken illusion that what Microsoft is doing is a bad ...
(microsoft.public.security)
Re: Human brain on an evolutionary sprint!
... Paul Crowley wrote: ... Sorry, I'm still lost. ... theory is to explain the selective origin of homind traits. ... > There are trees that work with ants; ...
(sci.anthropology.paleo)
Re: Are orgasms proof of God?
... Yes, top poaster. ... I lost my virginity on ... with her for being a crazy ass bitch. ... Paul ...
(rec.sport.football.college)