Re: [fw-wiz] RE: In defense of non standard ports
- From: Karl <karl.mueller@xxxxxxxxxxxxxx>
- Date: Tue, 24 Jan 2006 16:59:26 -0600
On Tue, Jan 24, 2006 at 03:28:37PM -0600, Behm, Jeffrey L. wrote:
>
> Overheard at the water cooler: "Well, company X allows this traffic, why
> don't we? They are much larger than us and probably understand security
> *much* better than we do. Since they think it's safe, shouldn't we think
> it's safe, too?" I'm still looking for wording used to combat the
> cluelessness of such mindset in both our own companies, as well as
> companies that are creating situations that make us run web traffic on
> non-web ports.
>
When I hear this, I usually start with something along the lines of "and company X certainly has a legal department prepared to handle the litigation when a boxen inside their network is used to attack or probe a sensitive computer system."
While this may or may not be true, it usually gets enough attention from the original speaker that the LART follow-up is met with something other than a glassy-eyed stare. That's when we get to talk about containment, detection, compartmentalization, individual responsibility, and all those other topics related to accepting the risk of a networked computer system.
It's not about *if* you're gonna get hacked. It's about *when*, and what happens next.
YMMV, but this approach has worked for me.
-k
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards