RE: [fw-wiz] A fun smackdown...

From: Behm, Jeffrey L. (BehmJL_at_bvsg.com)
Date: 05/19/05

  • Next message: Aaron Smith: "Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls" 
    To: <firewall-wizards@honor.icsalabs.com>
Date: Thu, 19 May 2005 09:32:09 -0500

    On Thursday, May 19, 2005 8:04 AM, Paul D. Robertson spake:
    >On Tue, 17 May 2005, Martin wrote:
    >>
    >> "Be liberal in what you accept; be strict in what you send."
    >
    >_All_ effective security controls break that tenet. The more liberal
    your
    >controls, the more risk you assume.

    Honeypots? Perhaps you don't consider that a control...

    Never use words like _All_ and _never_ ;-)

    Jeff
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Aaron Smith: "Re: [fw-wiz] Thoughts on the new Cisco ASA 5500 firewalls"

    Relevant Pages

    • Re: How does a customer get PCI audited?
      ... You can be purple in the face with controls and training, but if you are never PROPERLY tested by a REAL team then you will never know where your REAL risks are. ... You must have a strong understanding of the threat and how the threat might align with your risk and exposure profile. ... Suggesting that anyone build controls without first having a GOOD and REAL assessment is horrible advice. ... PCI-DSS compliance is at least a small defence. ...
      (Security-Basics)
    • Re: How does a customer get PCI audited?
      ... threat and how the threat might align with your risk and exposure profile. ... the job of a penetration testing company is to test the security of an existing IT Infrastructure and the effectiveness of policies and procedures to a degree. ... Those customers hire us to launch unannounced penetration tests against their infrastructure as a means to test how well their personnel follow the incident response policies. ... That said, penetration tests and vulnerability assessments do not perform complete reviews of a businesses controls, but they can challenge them to a degree. ...
      (Security-Basics)
    • RE: Link Multiple Criteria
      ... a main form based on tblRisks with a sub form based ... Controls that relate to that Risk. ... RiskID ...
      (microsoft.public.access.tablesdbdesign)
    • Re: Link Multiple Criteria
      ... Number data type, Long Integer Format. ... You can use Autonumber for those PK fields. ... Is there a risk that the autonumber may reset and i end up ... input risks and the controls that mitigate those risks. ...
      (microsoft.public.access.tablesdbdesign)
    • Re: "No objects need to be updated"
      ... Thanks, Jeff, for your input. ... remember some of the controls not reflecting the new field name. ... received the update icon and selected the affirmative (update objects) ...
      (microsoft.public.access.tablesdbdesign)