Re: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)

From: George Capehart (capegeo_at_opengroup.org)
Date: 05/27/04

  • Next message: Ben Nagy: "RE: [fw-wiz] Vulnerability Response"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 27 May 2004 17:58:06 -0400
    
    

    On Wednesday 26 May 2004 06:30 pm, Marcus J. Ranum wrote:

    <snip>

    > threats and vulnerabilities are, and whack those. That's a really
    > useless approach in the long run. I'd guess that a significant number
    > of the firewalls I've seen are being used to knock down "well known
    > bad things" instead of "only allow a few good things." I did a talk
    > the other day in which I outlined the "old-school" secure firewall
    > approach (non-routed networks, proxy everything, default deny, audit
    > policy violations) and people in the room were amazed: "None of our
    > users would accept that kind of solution!" they cried. Therein lies
    > the rub. As long as something so important as security is the tail
    > trying to wag the dog, it's not going to go anyplace.

    *crawls out from under rock, drags out soap box*

    Seems to me this is less a case of security being the tail trying to wag
    the dog than it is a case of users being the tail that actually wags the
    dog. One must wonder who is running the company. These are policy
    issues, for crying out loud! Sounds like it's time to introduce a
    certification and accreditation process into those organizations.
    Doesn't have to be as rigorous as DITSCAP or SP 800-37 . . . just
    something that forces the people in the company who are supposed to be
    managing the risk to do so . . . or formally, in writing, accept the
    risk that they're *not* managing.

    My 0.02 $currency_denomination.

    Cheers,

    George Capehart

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

