Re:[fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)

From: Margles Singleton (margles_s_at_hotmail.com)
Date: 06/04/04

  • Next message: Ben Nagy: "RE: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 03 Jun 2004 22:22:11 -0500
    
    

    >I don't agree that best practices are flowing through the community. Lots
    >of folks are using stuff that isn't working well. They don't know what
    >else is out there or how anything else other than how "their thing" works.

    Speaking as a newbie, these lists are a great thing: I "listen" to how
    experienced folks think and argue - and I learn. I believe there are many
    folks like myself on these lists, simply listening in order to improve their
    skills and knowledge.

    >gave that a shot. Before that I thought the SANS direction (again with
    >certifications) was good. I don't know if this will work for as large a
    >portion of the population as is needed.

    When I moved into security, SANS was decidedly the best thing I ever did for
    myself. I was working for a company that had no security
    awareness/department, and I had to figure out *everything* for myself. SANS
    gave me a road map, and a yardstick by which to measure my progress.

    Something I noticed, however: the SANS conferences draw a large crowd - but
    a very small percentage of those attending ever certify. I think this
    demonstrates that old saw: "You can lead a horse to water, but you can't
    make him think...."

    Unless - I believe until - security can be packaged in a black box, there
    will not be tremendous gains in security. My reasoning? Black boxes are
    those technologies that we have faith in working without knowing why:
    microwaves, cars, and TV sets are all examples. A NASCAR team will know the
    fine details of tuning a car, but the Great Unwashed will not: they will
    simply turn the key and go - and this is how it should be - and I believe in
    future it will be like that for security as well. In the meantime, I don't
    believe there is a more exciting time to be working in the field of security
    than NOW, before everything is packaged up in dull, boring, black boxes that
    anyone can utilize.

    Frankly, I think all you guys and geeks are getting too easily discouraged,
    and not recognizing the great job that you are all doing - INCLUDING
    communicating....

    Margles


