Re:[fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)

From: Chris Blask (blask_at_protegonetworks.com)
Date: 06/08/04

    To: "Margles Singleton" <margles_s@hotmail.com>, firewall-wizards@honor.icsalabs.com
    Date: Mon, 07 Jun 2004 17:03:34 -0700
    
    

    At 08:22 PM 6/3/2004, Margles Singleton wrote:
    >>Brian Ford Spake:

    >>I don't agree that best practices are flowing through the community. Lots
    >>of folks are using stuff that isn't working well. They don't know what
    >>else is out there or how anything else other than how "their thing" works.

    Depends what you mean by "flowing". It's not the Nile River, but it keeps
    the structure ticking away so far. Brian, you know I understand the need
    for canaries in the coal mine, but there's lots of canaries so I'll let
    others carry that burden and I'll be the Bluebird of Optimism... ;-)

    >Speaking as a newbie, these lists are a great thing: I "listen" to how
    >experienced folks think and argue - and I learn. I believe there are many
    >folks like myself on these lists, simply listening in order to improve
    >their skills and knowledge.

    'Freedom of Speech Proven to Work. Central Control heard to mutter
    "damnit" before tripping over a box of Approved Worker Units, falling down
    a staircase and breaking its neck.'

    >When I moved into security, SANS was decidedly the best thing I ever did
    >for myself. I was working for a company that had no security
    >awareness/department, and I had to figure out *everything* for
    >myself. SANS gave me a road map, and a yardstick by which to measure my
    >progress.

    Left to your own devices you figured out where to start, worked through a
    session some other folks made available for their own self-directed
    reasons, then monitored the thoughts of people attempting similar tasks.

    Isn't that just incredibly cool?

    Never forget that only a few decades ago it was a serious debate among
    Learned Folks whether people needed to be Centrally Controlled or were
    better off left to their own devices. The moment-by-moment existence of
    the Internet is proof that Central Control can go hang itself, quietly,
    thank you very much.

    In some ways the debate goes on, and we can Never Let Them Win.

    >Something I noticed, however: the SANS conferences draw a large crowd -
    >but a very small percentage of those attending ever certify. I think this
    >demonstrates that old saw: "You can lead a horse to water, but you can't
    >make him think...."

    Darwin.

    Even better, turns out Darwin works inside individuals - we evolve at meme
    speed. There remains hope for many of the un-watered.

    >Unless - I believe until - security can be packaged in a black box, there
    >will not be tremendous gains in security. My reasoning? Black boxes are
    >those technologies that we have faith in working without knowing
    >why: microwaves, cars, and TV sets are all examples. A NASCAR team will
    >know the fine details of tuning a car, but the Great Unwashed will
    >not: they will simply turn the key and go - and this is how it should be
    >- and I believe in future it will be like that for security as well.

    True. To an extent it is already. Lots of things that used to take a
    great deal of expert handiwork are already available in sheetmetal boxes.

    Why trust sheetmetal boxes?

    1 - don't.

    2 - trust your ability to make informed choices on what sort of trust to
    put into each piece of your defenses.

    3 - if you take the effort and responsibility to be informed, you can
    determine which sheetmetal boxes are being produced by folks who are
    following Darwinistic Success Paths and use such boxes in your defense
    structure.

    You shouldn't have to mine the ore and grind the gunpowder yourself, but a
    reliable MK 15 Phalanx Close-In Weapons System sure can come in handy from
    time to time...

    >In the meantime, I don't believe there is a more exciting time to be
    >working in the field of security than NOW, before everything is packaged
    >up in dull, boring, black boxes that anyone can utilize.

    I agree.

    Still, I think playing with the boxes and arranging them against bad guys
    will be fun for a while yet. There's still a lot of brand new thinking to do.

    What Brian and many others are saying remains true - there's a lot of work
    to be done and no time for lolly-gagging around. I just have exceptional
    trust in individuals' aggregate ability to seek success.

    >Frankly, I think all you guys and geeks are getting too easily
    >discouraged, and not recognizing the great job that you are all doing -
    >INCLUDING communicating....

    Yep yep!

    I love it!

    Go Freedom of Speech!

    :-)

    -chris

    Chris Blask
    Vice President, Business Development
    Protego Networks Inc.

    (1) 416 358 9885 - Mobile
    (1) 408 262 5220 - HQ
    (1) 408 262 5280 - Fax

    blask@protegonetworks.com
    www.protegonetworks.com

    Protego MARS - Integration, Insight and Control

    Integration. Insight. Control.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

