RE: [Full-Disclosure] Re: Prudent default security - Was: CyberInsecurity: The cost of Monopoly

From: Steve Wray (steve.wray_at_paradise.net.nz)
Date: 09/30/03

    To: "'Michal Zalewski'" <lcamtuf@ghettot.org>, security@brvenik.com
    Date: Tue, 30 Sep 2003 20:56:44 +1200
    
    

    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    > Michal Zalewski
    >
    > On Sun, 28 Sep 2003, security@brvenik.com wrote:
    >
    [snip]
    > You can't do it particularly easily just by configuring local built-in
    > firewall on each box. Or, you can, but you have no easy way
    > to maintain and audit the structure once it's done.

    There is if you don't use a windowing operating system; this is precisely
    what my team is doing for a very large collection of firewalled boxes,
    remotely administered and their firewall configurations all maintained
    and audited by remote control and en masse to boot.

    We're using Debian Linux with more or less traditional unix tools for
    the job; ssh, scp, rsync, diff, sed and patch.

    > The value of this
    > software is the ability to:
    >
    > 1) Integrate many security mechanisms (AV, firewalling, auditing,
    > local policy, IDS) under one roof and implement unified policies,
    >
    > 2) Provide an easy way to deploy and track agents and their
    > compliance with group policy,
    >
    > 3) Manage multiple group policies easily,
    >
    > 4) Deploy adaptative policies (say, different access levels when
    > on dial-up, different when in corporate network).
    >
    > That's it. That is an effective tool that goes about as far
    > as we can go with pure IT without major changes to the existing
    > technology to protect

    I don't see what's new about this... unless it's in a windowing
    environment, but then I guess you get what you ask for! A GUI for
    everything and everything in a GUI.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
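
The reply above mentions auditing many hosts' firewall configurations with ssh, rsync and diff. The following is an added example, not part of the original message or the poster's own tooling, of a diff-based drift audit against a single baseline. It assumes each host's `iptables-save` output has already been fetched into one directory; the function names, hostnames and rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit per-host firewall dumps against one baseline with diff.
# Assumption: each host's `iptables-save` output was already fetched (for
# instance over ssh) into <dir>/<host>.rules. All names and rules are constructed.

# Drop comment lines (timestamps) and chain counters so only the rules compare.
normalize() {
    sed -e '/^#/d' -e 's/ \[[0-9]*:[0-9]*]$//' "$1"
}

# Print the name of every host whose rules differ from the baseline;
# the unified diff for each drifting host goes to stderr for the reviewer.
audit_drift() {
    baseline=$1; dir=$2
    tmp=$(mktemp -d) || return 1
    normalize "$baseline" > "$tmp/base"
    for f in "$dir"/*.rules; do
        [ -e "$f" ] || continue
        host=$(basename "$f" .rules)
        normalize "$f" > "$tmp/host"
        if ! diff -u "$tmp/base" "$tmp/host" > "$tmp/diff"; then
            echo "$host"
            cat "$tmp/diff" >&2
        fi
    done
    rm -rf "$tmp"
}

# Constructed sample: fw01 matches the baseline apart from counters and the
# timestamp comment; fw02 carries one extra ACCEPT rule not in the baseline.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/hosts"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/baseline.txt"
    printf '%s\n' '# Generated on Tue Sep 30 2003' '*filter' \
        ':INPUT DROP [12:3456]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/hosts/fw01.rules"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp --dport 23 -j ACCEPT' 'COMMIT' > "$d/hosts/fw02.rules"
    echo "$d"
}

sample=$(make_sample)
audit_drift "$sample/baseline.txt" "$sample/hosts"   # stdout: fw02
rm -rf "$sample"
```

Normalizing before the diff keeps packet counters and generation timestamps from flagging every host as drifted.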

