Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)



At 09:00 AM 26/05/2006, Paul D. Robertson wrote:

On Thu, 25 May 2006, Chris Blask wrote:

o The best gadget in the world is no good if the maker doesn't survive
to support it.

Sure it is. The vendor isn't the only choice for support, and if it's
good enough to be the best, it shouldn't *need* regular support.

I don't believe in static security. If something was good enough to be best it would still be imperfect.

The "vendor" could be the open source community, in which case the source is there for everyone to support, but a great product from a dead or badly-acquired company can be worse than useless.

o Another analog to twist would be: a bunch of talented
and enthusiastic guerillas may be good at the start of a conflict, but
when it gets really serious you'll be unhappy if you are not the one
with the integrated weapons platform...

1. You're comparing apples and oranges, soldiers against weapons.
2. With the right guerilla force, the shiny new expensive platform is
already useless by the time you deploy it *if it even makes sense for the
conflict you're in rather than the last conflict that happened when the
weapons platform makers all got their contracts.

Analogies are never very accurate (my favorite quote from an English teacher in HS: "There is no such thing as a synonym").

However, to pursue the military analogy:

History is full of tales of the vanquished who've felt their superior
large-scale do-everything weapons could win. That's one of the reasons
the US strategy to go to small light and mobile divisions is interesting-
it's a step away from the traditional "bigger, more" philosophy of
multi-billion dollar pork projects and Congress forcing the purchase of
ineffective integrated weapons platforms.

o The reason the US military can successfully use "small and light" tactics today is that they have an integrated weapons platform. Robust standardized components tested to death (pun) interoperate in well defined ways, and small changes are enormously vetted before being released to the battlefield. Inventing new guns that take new bullets and are given to soldiers with new communications systems that use new protocols to sync up with new command structures that analyze data in new ways and provide tactical feedback in new schemas - well, that just wouldn't work real well. "Small and Light" in the US military context is only possible because they have developed "Huge and Heavy" amounts of testing and experience.

Of course, "small and light" can also be "we're just making this sh*t up as we go along and don't mind dying", sometimes introducing the surprising successes of randomization. Ironically, by the time a new technique discovered that way becomes wide-spread, it often loses the characteristics of surprise and flexibility that make it successful.

In infosec today we are coining terms and creating methods on a daily basis - this is not a mature area of endeavor. When it is a mature space, we will have much more "integrated" "weapons platforms", whether single-vendor or standards-based.

-cheers!

-chris


Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


