RE: [fw-wiz] Worms, Air Gaps and Responsibility

From: Paul D. Robertson
Date: 05/06/04

    To: Carson Gaspar <>
    Date: Thu, 6 May 2004 10:34:24 -0400 (EDT)

    On Wed, 5 May 2004, Carson Gaspar wrote:

    > I agree. My response was to your "what excuse do they have" question. In
    > my specific industry, they have a bunch. Most other industries don't make
    > every single dollar based on timely, accurate, electronic information. When
    > your entire business is manipulating flows of information, based on other
    > flows of information, limiting who can see what is a very tough job. Not
    > impossible, but extremely difficult, and very expensive.

    But by the same token, that makes a massive network/node failure all that
    more expensive- at some stage, we have to start taking infrastructure
    seriously, and I'd argue that it's businesses that rely on infrastructure
    so heavily that need to be in front of it.

    I understand where you're coming from, I'd just like to see us all make
    more coordinated and extensive efforts to revisit the "connectivity trumps
    all" mantra.

    Maybe I'm too optimistic, but I always used incidents like this last worm
    to get policy changes, validate the usefulness of controls when we didn't
    get hit, and generally give the senior execs ammo to crow about how well
    done their practical support of security programs was.

    Their peers getting hit when we weren't probably made almost as much
    difference for policy changes as getting hit (which really frees up
    capital, but doesn't gain them bragging rights.)

    Paul D. Robertson
    "My statements in this message are personal opinions which may have no basis whatsoever in fact."
    Director of Risk Assessment TruSecure Corporation
    firewall-wizards mailing list
