Re: [fw-wiz] iso 17799
From: R. DuFresne (dufresne_at_sysinfo.com)
To: Dana Nowell <DanaNowell@cornerstonesoftware.com>
Date: Wed, 21 Jul 2004 23:21:46 -0400 (EDT)
> OK, so I have a clue, you have a clue, Paul has a clue, and I'd bet several
> others around here have a clue, let's find a way to share. That's all I'm
> recommending. I think if we don't share now the marketing droids will win
> (yeah, OK probably will anyway) and we will get 'standards' then we will
> have to battle the standards where they don't make sense (remember
> everything tunneled over HTTP anyone :-). Either way, it's time to share
> ammo and concentrate fire, it's a target-rich environment and I'm having
> trouble choosing some days. Assuming we can agree to share, the real
> problem is what and how do we share. Any suggestions? Should it be a new
> subject? Should we forget it (is the list enough)?
Though it hasn't been updated in some time, I bet the firewalls-faq is
still available online.
There are tons of books on firewalling and basic security techniques; I
must have 15 or 20 in my bookcase, some in the second edition, like
"Firewalls and Internet Security" by Cheswick, Bellovin, and Rubin.
Most *nixes have various documents explaining how to set up various
security components: man pages, READMEs, FAQs.
Most all of these are based upon the points Marcus posted to this thread
one or two posts back, all fine points, well known and documented and
available to one and all for ten years or more. If there are standards,
or basic principles, those Marcus listed are pretty much it. The thing is,
though, no one wants 'standards', no one really wishes to follow the
basics, gawdman, this is the IT field after all <smile>, it's bleeding edge
or nothing. Every time someone is advised that what they wish to do is
risky and will be making swiss cheese of their network, there's a little
voice in the back of their heads that tells them "the risk can be
minimised" or "you're too small to be a target, you're hiding in a haystack of
numbers after all". Or worse yet, there's a voice in their boss's ear,
perhaps a sales lizard marketing the doo-dad, and claiming that it's
solved all security risks with its proprietary GUI, triple WEP encrypted
internal routing scheme that can statefully proxy anything tossed at it while
probing each packet for nasties not yet developed, so you too can pass
everything that can be enveloped in any HTTP packet, including all those
nasty Microsoft ports that 'were' once unsafe to pass internet-wise. And
of course then the boss gets you a new toy and tells you to fix it so he
can control his toaster and TV and fridge from his desktop while IM'ing
with his golf buddies and checking his savings from his desk at work, and
you get to put it <the new toy> to work, so he can -=work=-.
The standards exist, but what fun are standards that prevent one from
pushing the envelope of insanity?
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firstname.lastname@example.org
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards