Re: [fw-wiz] Personal Firewall Day?

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 10/05/03

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Personal Firewall Day?" 
    To: Charles Miller <cmiller@pastiche.org>, firewall-wizards@honor.icsalabs.com
Date: Sun, 05 Oct 2003 13:30:17 -0400

    Charles Miller wrote:
    >'To combat the problems with patch management, however, the company [Microsoft] is moving to a "securing the perimeter" strategy where it will partner with various firewall companies to ensure that electronic attacks don't even reach their intended targets but are instead thwarted at the edge of the network

    One of the indicators of a security problem that has gotten out of
    hand is a flip-flopping between firewalls and host security. :) I remember
    a couple government agencies that went that route over the years.
            - "We don't NEED a firewall, we have good host security!"
            (they get hacked to pieces and finally can't hide it anymore)
            - "We don't NEED host security, we have a good firewall!"
            (they get trojaned, botted, and hacked to pieces and finally
                    can't hide it anymore)
            - "We are going to use strong host security because we don't
                    need a firewall..."
            (lather, rinse, repeat...)

    Is there a real answer? I think that there is but Microsoft can't
    give it because it's contrary to their business model. Linux can't
    do it because it's contrary to its proponent's mind-sets. Maybe
    Sony can do it through their Playstation sales unit. Basically,
    the answer is to kill off general-purpose computing for 99.9%
    of the desktops in the world. Really, it's not necessary for Joe
    Average User (though Joe wouldn't agree). I think Schneier and
    Geer et al were wrong when they wrote their little paper about
    Microsoft monoculture being dangerous - they adopted a
    disease model and, like most analogies, they let the analogy
    steer their thinking. What we need is a monoculture but we
    need to recognize that we're building one and make sure it
    has a good immune system that can spread and share
    immunity as fast (ideally faster!) than new cyberpathogens can
    spread. But that's a topic for another day. ;)

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Personal Firewall Day?"

    Relevant Pages

    • Re: [fw-wiz] Personal Firewall Day?
      ... > One of the indicators of a security problem that has gotten out of ... how about a "blame the lazy admin week" instead of a personal ... > disease model and, like most analogies, they let the analogy ... > has a good immune system that can spread and share ...
      (Firewall-Wizards)
    • Re: 4.5 Sync - XP and HTC Touch
      ... Arrange with any firewalls that your computer is running to pass *all* ... See if that seems to be helping (obviously, ... security problem, potentially; make sure that you do this safely). ... says "Stopping", but nevers stops. ...
      (microsoft.public.pocketpc.activesync)
    • RE: Firewall overkill
      ... The largest security problem is often found on the local network and not on the internet. ... Firewalls on all computers will always give better security. ...
      (microsoft.public.win2000.security)