RE: [fw-wiz] Worms, Air Gaps and Responsibility
From: Eugene Kuznetsov (eugene_at_datapower.com)
Date: 05/13/04
- Previous message: Paul D. Robertson: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"
- In reply to: Dana Nowell: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"
- Next in thread: ArkanoiD: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Dana Nowell'" <DanaNowell@cornerstonesoftware.com>, "'Paul D. Robertson'" <paul@compuwar.net> Date: Thu, 13 May 2004 17:16:00 -0400
[snip]
> I'd argue that boxes with equal 'ubiquity' start with an equal
> 'targetability coefficient' which is then adjusted based on
> end use (kudos,
> spam, intel, ...) and 'breakability'. Since Windows scores
+1, very good points...
It is the "level of functionality/complexity" (to first order, proportional
to # of lines of code) X "ubiquity" X "value-of-seized-platform" X
"security-quality".
The more "connected" you are and the richer the interfaces that are exposed,
the more security risk there is. That's why RPC interfaces are so much more
dangerous that simple web servers, and web servers are more vulnerable than
IP forwarding engines. The underlying security of the code is part of the
issue, but it's an independent variable.
\\ Eugene Kuznetsov, Chairman & CTO : eugene@datapower.com
\\ DataPower Technology, Inc. : Web Services security
\\ http://www.datapower.com : XML-aware networks
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Paul D. Robertson: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"
- In reply to: Dana Nowell: "RE: [fw-wiz] Worms, Air Gaps and Responsibility"
- Next in thread: ArkanoiD: "Re: [fw-wiz] Worms, Air Gaps and Responsibility"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
