RE: [fw-wiz] Ok, so now we have a firewall, we're safe, right?

From: Chris Blask (
Date: 05/31/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"
    To: "Ben Nagy" <>, "'Paul D. Robertson'" <>, <>
    Date: Mon, 30 May 2005 23:30:05 -0400

    Hey Ben!

    At 04:20 PM 5/30/2005, Ben Nagy wrote:

    >I wrote the below in an awful hurry, but it amplifies Paul's point. The
    >threats we're looking at today aren't really anything like they were when we
    >all got into this business. Sure, the _vectors_ are the same, and the
    >patented MJR/Fred/Paul methodology will still help you out against the huge
    >bulk of them. The point is that there is less and less margin for error.
    >Anyway, small, self-indulgent rant follows.

    .d. well-voiced rant

    >Anyway, nothing above is really original. To me it all seems obvious, but
    >whenever I talk about this stuff to the 'general public' they are all
    >shocked, so maybe some subscribers will find it interesting.

    What you wrote is a very cognizant view of our situation, of appropriate
    length and catchy content for the brighter than average chimps - er,
    laypersons - to read and feel comfortable that they had seen through a
    reliable window into what would otherwise be to them a dark and mysterious
    world. It is a good bit of writing on an interesting topic that is as
    close to most peoples' worlds as black FBI helicopters.

    That's the point we all lose after the first few years of really
    understanding this stuff - No-one Else Does.

    Nobody, nada, not a soul.

    The Queen of the Ants would certainly count up the finite number of us who
    do and call it "zero". We're talking about 6,000,000,000 people here, and
    there ain't more than a football-stadium-full of folks among them that have
    Clue #1 about infosec. We aren't even the High School Chess Club - we're
    the person in about 1-in-100 schools who is so quirkily bright we make the
    chess club members uncomfortable. A stray bullet is more likely to hit a
    six-foot albino in Zimbabwe than an infosec expert in Michigan.

    Just because you all understand all or some of this stuff, try not to
    forget that the person next to you on the bus still hasn't spent five
    minutes talking to anyone with a clue yet, and statistically never will.

    This means a couple important things:

    o When you get a chance to address them, try to give them something
    specific they can use - some meme that they can run in their heads and
    improve in some way their posture. When you give them a good meme, they'll
    share it with their friends and it could propagate to the general
    betterment. Otherwise, it's all just background noise they heard some

    o We can't win this battle by delivering the level of education we expect
    of each other to six times ten to the ninth people. We need to identify
    the appropriate amount and content of knowledge to deliver to a variety of
    demographics, and build an Internet that securely supports what they can be

    o End-user security is optimized in direct proportion to our ability to
    make it simple.

    There's every reason to think we can do all this stuff. The project is
    underway and everything's generally running well so far, inasmuch as
    barely-manageable chaos can. Users have been taught enough to respond to
    direction, and from time to time we give them good direction.

    Eating whales may seem to take forever, but sooner or later you're down to
    flukes and limp parsley.



    Chris Blask

    firewall-wizards mailing list

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?"