RE: [fw-wiz] RE: In defense of non standard ports

Hash: SHA1

On Tue, 24 Jan 2006, Behm, Jeffrey L. wrote:

On Tuesday, January 24, 2006 10:57 AM, Marcus J. Ranum so spake:

Most organizations have already given up control over outgoing
traffic. What they don't realize is that, by extension, they have
also given up control over incoming traffic.

And, to me, are seeming to make it more difficult for those who haven't to maintain control.

Overheard at the water cooler: "Well, company X allows this traffic, why
don't we? They are much larger than us and probably understand security
*much* better than we do. Since they think it's safe, shouldn't we think
it's safe, too?"  I'm still looking for wording used to combat the
cluelessness of such mindset in both our own companies, as well as
companies that are creating situations that make us run web traffic on
non-web ports.

Didn't mom supply such wording when we were kids;

Just because <insert a name here> wants to jump off the bridge, does that mean you need to join them?


Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant:
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
Version: GnuPG v1.2.4 (GNU/Linux)

firewall-wizards mailing list

Relevant Pages

  • FW: Windows Update - Unsafe ActiveX control (fwd)
    ... "Safe for Scripting" simply means that the control is safe to be used ... Windows Update is safe because it only allows itself to be hosted ... etc. it is considered "Safe for Scripting". ...
  • Re: Richtx32.ocx unter Office SP3
    ... ActiveX-Steuerelemente, die nicht als "Safe" ... Code signing ... Because an ActiveX control allows access to root operating ... which allows an ActiveX developer the option ...
  • Re: Why is it dangerous?
    ... I'll wager that the number of usages of gets posted to this group where the input is not under compete control of the poster is over a hundred times more than the number of usages where it is under the posters control. ... I suspect the only safe gets usages posted to this group are posted specifically to point out that with guarantees beyond the scope of C you can use it safely. ...
  • Re: Counters
    ... There is NO completely, totally, safe way to secret information away. ... In order to come up with an appropriate scheme you need to determine how ... safe does it need to be, and how you can control access to the app and its ...