Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right?

From: Dave Piscitello
Date: 06/10/05

    To: "Paul D. Robertson", "R. DuFresne"
    Date: Fri, 10 Jun 2005 11:45:46 -0400

    To a great extent, hiding complexity is intentional, and IMO a
    reaction to the scathing criticisms hurled at vendors time and again
    regarding product and UI complexity.

    Some folks on this list recall configuring ISDN adapters and bridge-
    routers, or early V. modems. The survivors from the "your UI bites!
    You can't expect our 10,000 reasonably intelligent users much less a
    consumer to change dipswitch settings and enter command line
    gibberish! We need something *intuitive* and *plug-and-play* or we'll
    take our business elsewhere" era are IMO permanently traumatized into
    believing they can't expose complexity (or they conceded long ago,
    made killings giving the customer what he thought he wanted, and are
    sipping champagne in sunny surrounds while we debate on maillists).

    I feel as if we're arguing over the road *not* travelled
    (distinguished from the road *less* travelled). I'm increasingly
    skeptical that it's possible to go back to the crossroad and make
    "secure" a priority over "easy". Too few people actually care, and
    our culture/society becomes more comfortable each day with solutions
    that absorb and amortize losses rather than mitigate them. Financials
    don't invest in stronger identity theft protection while their costs
    of doing business can tolerate loss. When losses exceed "tolerable"
    they still don't look for something bullet-proof, only something that
    reduces loss to below the magic threshold of "tolerable".

    My experience is that consumers, SMBs, and enterprises don't put even
    this much effort into assessing and mitigating risk. I might be in
    the minority, but the fact that 4 of 5 APs are still run wide open is
    as much an embarrassment to users as vendors.

    Our hands have to be placed on hot (regulatory) coals to implement
    security. Even then we procrastinate and lobby to reduce the
    requirements *and* accountability - and ask vendors to automate and
    hide complexity. Automation and security aren't good bedfellows.

    Where security is involved, otherwise rational adults devolve into
    whining, rebellious, scheming, negotiating adolescents. The critical
    parent (regulatory) social style isn't working. The nurturing parent
    style isn't working. If you know a way to create adult-adult
    conversations on the topic of network security, I'm eager to hear

    On 7 Jun 2005 at 3:00, R. DuFresne wrote:

    > [SNIP]
    > >
    > > Good thing I scrolled down to find it! It's pretty well hidden for
    > > a "strong" recommendation. Took me 15 minutes to find, and that's
    > > all I was searching for.
    > >
    > I wrote a few papers on wifi products a few years ago, and mentioned
    > that anything at all to do with securing these devices tends to be
    > hidden, if covered at all, and only touched on in the briefest sense,
    > deep down in the documentation. So, nothing has changed in recent
    > times, cool to note the consistency.
    > Thanks,
    > Ron DuFresne
    > - --
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    > admin & senior security consultant:
    > Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
    > ...We waste time looking for the perfect lover
    > instead of creating the perfect love.
    > -Tom Robbins <Still Life With Woodpecker>
    > _______________________________________________
    > firewall-wizards mailing list
