Re: [fw-wiz] Worms, Air Gaps and Responsibility

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/07/04

  • Next message: Thomas W Shinder: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"
    To: Crispin Cowan <crispin@immunix.com>
    Date: Fri, 7 May 2004 08:28:46 -0400 (EDT)
    
    

    On Thu, 6 May 2004, Crispin Cowan wrote:

    > Paul D. Robertson wrote:
    >
    > >With all the money spent on "security" solutions that aren't as effective
    > >as "don't connect"- how many companies even look at their user population
    > >risk profiles and architect for it? Not connecting is *really* cheap and
    > >*really* effective.
    > >
    > >
    > Really effective I'll believe (it definitely is secure) but really cheap
    > I will challenge. IT facilities like e-mail and web do a lot to reduce
    > operational costs. If you declare everyone's workstation to be
    > "production" and disconnect them from the Internet then you may end up
    > deploying a second set of workstations for Internet access, and that is
    > not cheap.

    Generally, (there's been enough about the financial services exception)
    most workstations aren't "production," so using military grade
    disconnection (you know, pull out that cable between the switches or to
    the router between the switches ;) ) to separate things which are mission
    critical from things which aren't works quite well. I happen to think
    it's about as effective to dual-home some stable machines, like e-mail
    gateways for the necessary intercommunication- but the slower maintenance
    and change cycle on the production side should cover the costs of what
    little overlap you have to purchase equipment-wise (yes, if your machine
    budget still comes from capital, operations are out of the expense
    budget, a bean counter has to balance the numbers somewhere.)

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Thomas W Shinder: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"

    Relevant Pages

    • Re: Wings guitarist quit over money
      ... I recall one part where Paul and Linda came by cab to visit ... > Linda explained that when she and Paul took a cab, ... > to pay the driver by giving the driver Paul's autograph, ... Despite what she says about being a "cheap date", ...
      (rec.music.beatles)
    • Re: Ok, so now Im hooked...
      ... spoke to a few of you in the IRC chat thingy. ... As you can probably guess my budget is a little tight, ... cheap, ...
      (uk.music.guitar)
    • Re: Fuck me Saabs are cheap now
      ... The ammount of Saab TiD company cars you see ... I followed a link there from an advert on the trader - they have a Saab in budget that looks like a good buy? ... I like those ST Mondeos, they look cool - although, my mum's decided their next car is the ST300 estate, petrol version with the 3.0 V6, because they'll get cheap now with the big tax, but their 2.5 Ghia X is like, £400 anyway and they do sod all mileage, so no mpg worries here. ... I just looked them up on the trader after typing that - jesus they're cheap, estates and saloons seem to be reasonably closely priced. ...
      (uk.rec.cars.modifications)
    • Re: NYC on the cheap?
      ... Our free time is limited, we're really just flying in for the wedding, but we ... Being on a budget and all, can anyone recommend a must eat at place that is ... and veggie. ... costs a tad more but it's CHEAP! ...
      (rec.food.cooking)