RE: Microsoft Can't Win.
From: Evans, TJ (tjevans@kpmg.com)
Date: 10/09/01
- Previous message: Daniel David Benson: "Re: Microsoft Can't Win."
- Maybe in reply to: Turner, Keith: "Microsoft Can't Win."
- Next in thread: Adam Shephard: "RE: Microsoft Can't Win."
Message-Id: <D503BBD92FE9D2118A010008C75F64480A3A29D4@usnssexc20.us.kworld.kpmg.com>
From: "Evans, TJ" <tjevans@kpmg.com>
To: focus-ms@securityfocus.com
Subject: RE: Microsoft Can't Win.
Date: Tue, 9 Oct 2001 16:07:00 -0400
I agree to some extent, and of course in a perfect world there would be no
vulnerabilities in anything ... and we would not need to sacrifice any
usability, functionality, or connectivity to attain a utopia of absolute
security.
Giving up on that, an application-level firewall can also help protect the
services ... blocking certain types of "bad things" <malformed packets,
http/cmd.exe requests, etc.>.
"Layers of defense" ... at least in the foreseeable future, you cannot be
100% secure, the big idea here is to get "perfect balance" of cost,
functionality, etc. ... with "perfect" being relative to your specific
environment, needs, capabilities, budget, political environment and
sometimes the seemingly random collisions of subatomic particles ... :)
For the record - "dumping the firewall" would not be my recommendation, in
fact - I recommend improving them!
<Keep in mind - even a relatively secured box can still eventually be
affected by a new "0 day" vulnerability and having multiple layers of
defense can stop/slow 'burn rate'>
Thanks!
TJ
-----Original Message-----
From: TD - Sales International Holland B.V. [mailto:td@salesint.com]
Sent: Monday, October 08, 2001 4:37 PM
To: Turner, Keith
Cc: focus-ms@securityfocus.com
Subject: Re: Microsoft Can't Win.
Personally I rather see the services more secure..... A firewall only stops
traffic to services, services that are allowed thru the firewall get 0
protection from it. In other words, dump the firewall and set those resources
on securing IIS etc. I saw a line on this list once, don't remember it
exactly but it was in the lines of, the need for a firewall only says
something about the insecureness of the services behind it.
regards
On Friday 05 October 2001 18:02, you wrote:
> I'm sitting here eating my lunch and reading email/websites. I stopped
> reading through the email (security related mailing lists mostly) when I
> hit several of the "Microsoft sucks, they are as secure as a child's
> playground" type messages. So, I minimized email and opened a web browser.
> Pointed it to a news portal and started reading. Came across this - 'The
> big bad Microsoft is trying to use their monopoly powers to crush the
> competition in the security market' in reference to xp's built-in firewall
> and encryption system.
> People yell at them for not adding security features to their products
> but then scream MONOPOLY when they do add security features.
>
> What gives?
>
> Keith
> (I feel better now)