Re:[fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)

From: Chris Blask (
Date: 06/08/04

  • Next message: Dilan Walgampaya: "More infor - Re: [fw-wiz] Putting MS servers behind firewalls"
    To: "Margles Singleton" <>,
    Date: Mon, 07 Jun 2004 17:03:34 -0700

    At 08:22 PM 6/3/2004, Margles Singleton wrote:
    >>Brian Ford Spake:

    >>I don't agree that best practices are flowing through the community. Lots
    >>of folks are using stuff that isn't working well. They don't know what
    >>else is out there or how anything else other than how "their thing" works.

    Depends what you mean by "flowing". It's not the Nile River, but it keeps
    the structure ticking away so far. Brian, you know I understand the need
    for canaries in the coal mine, but there's lots of canaries so I'll let
    others carry that burden and I'll be the Bluebird of Optimism... ;-)

    >Speaking as a newbie, these lists are a great thing: I "listen" to how
    >experienced folks think and argue - and I learn. I believe there are many
    >folks like myself on these lists, simply listening in order to improve
    >their skills and knowledge.

    'Freedom of Speech Proven to Work. Central Control heard to mutter
    "damnit" before tripping over a box of Approved Worker Units, falling down
    a staircase and breaking its neck.'

    >When I moved into security, SANS was decidedly the best thing I ever did
    >for myself. I was working for a company that had no security
    >awareness/department, and I had to figure out *everything* for
    >myself. SANS gave me a road map, and a yardstick by which to measure my

    Left to your own devices you figured out where to start, worked through a
    session some other folks made available for their own self-directed
    reasons, then monitored the thoughts of people attempting similar tasks.

    Isn't that just incredibly cool?

    Never forget that only a few decades ago it was a serious debate among
    Learned Folks whether people needed to be Centrally Controlled or were
    better off left to their own devices. The moment-by-moment existence of
    the Internet is proof that Central Control can go hang itself, quietly,
    thank you very much.

    In some ways the debate goes on, and we can Never Let Them Win.

    >Something I noticed, however: the SANS conferences draw a large crowd -
    >but a very small percentage of those attending ever certify. I think this
    >demonstrates that old saw: "You can lead a horse to water, but you can't
    >make him think...."

    Even better, turns out Darwin works inside individuals - we evolve at meme
    speed. There remains hope for many of the un-watered.

    >Unless - I believe until - security can be packaged in a black box, there
    >will not be tremendous gains in security. My reasoning? Black boxes are
    >those technologies that we have faith in working without knowing
    >why: microwaves, cars, and TV sets are all examples. A NASCAR team will
    >know the fine details of tuning a car, but the Great Unwashed will
    >not: they will simply turn the key and go - and this is how it should be
    >- and I believe in future it will be like that for security as well.

    True. To an extent it is already. Lots of things that used to take a
    great deal of expert handiwork are already available in sheetmetal boxes.

    Why trust sheetmetal boxes?

    1 - don't.

    2 - trust your ability to make informed choices on what sort of trust to
    put into each piece of your defenses.

    3 - if you take the effort and responsibility to be informed, you can
    determine which sheetmetal boxes are being produced by folks who are
    following Darwinistic Success Paths and use such boxes in your defense.

    You shouldn't have to mine the ore and grind the gunpowder yourself, but a
    reliable MK 15 Phalanx Close-In Weapons System sure can come in handy from
    time to time...

    >In the meantime, I don't believe there is a more exciting time to be
    >working in the field of security than NOW, before everything is packaged
    >up in dull, boring, black boxes that anyone can utilize.

    I agree.

    Still, I think playing with the boxes and arranging them against bad guys
    will be fun for a while yet. There's still a lot of brand new thinking to do.

    What Brian and many others are saying remains true - there's a lot of work
    to be done and no time for lolly-gagging around. I just have exceptional
    trust in individuals' aggregate ability to seek success.

    >Frankly, I think all you guys and geeks are getting too easily
    >discouraged, and not recognizing the great job that you are all doing -
    >INCLUDING communicating....

    Yep yep!

    I love it!

    Go Freedom of Speech!



    Chris Blask
    Vice President, Business Development
    Protego Networks Inc.

    (1) 416 358 9885 - Mobile
    (1) 408 262 5220 - HQ
    (1) 408 262 5280 - Fax

    Protego MARS - Integration, Insight and Control

    Integration. Insight. Control.

    firewall-wizards mailing list
