Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly

From: Frank Knobbe (frank_at_knobbe.us)
Date: 09/28/03

  • Next message: Florian Weimer: "Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly"
    To: Michal Zalewski <lcamtuf@ghettot.org>
    Date: Sun, 28 Sep 2003 14:34:10 -0500
    
    
    

    On Sun, 2003-09-28 at 13:04, Michal Zalewski wrote:
    > I'd argue... many vendors [...]
    > provide integrated corporation-wide mechanisms for enforcing group
    > firewalling, access and logging/IDS policies on workstations or groups of
    > workstations (and, why not, also servers).
    > [...]
    > The technology is there. It takes some effort to use it and do it
    > correctly, of course.

    Michal,

    I think Paul's sentiment was that current efforts are focused on
    networks, IP addresses, firewalls, protocols, etc., basically focusing on
    the _transport_ of data. I think what we need are better mechanisms to
    protect the _data_ itself, not just the transport/protocol of it. I'm
    not talking about Palladium crap, but more in the direction of more
    efficient ACLs, RBAC, and finer system level control. We *can* harden
    the chewy insides by applying better controls. (All too often I see
    networks with Share and File/Dir permissions being
    Everyone-Full_Access...).

    Paul, feel free to disagree if I put words in your mouth ;)

    Cheers,
    Frank

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


