RE: Firewall configuration statistics

security_at_rexwire.com
Date: 06/20/03

  • Next message: Andrej: "Linux FreeS/WAN road warrior problem"
    To: justinpryzby@users.sourceforge.net, security-basics@securityfocus.com
    Date: Fri, 20 Jun 2003 17:04:27 -0400
    
    

    Justin's reply must be the malicious reply I have ever read in this group
    and I hope the moderator takes notice. I was intending to get industry
    statistics for my marketing material and not a arbitrary number to feed to
    people. It comes back to my point in my last pointing. People should keep
    their philosophical points to themselves; no one wants them or cares for
    them they provide nothing to the users of this group. Please stick to
    experience and industry numbers they go a long way to help people.
    Wishing ill onto others as Justin did does not help anyone nor I guarantee
    it will do a lot for Justin's career.

    Some of the statistics I have come across are stated below;

    90% of all companies that got compromised lat year had a firewall

    70% of all attacks happen at the application level

    25% of exploits had patch readily available

    -SKP

    -----Original Message-----
    From: Justin Pryzby [mailto:justinpryzby@users.sourceforge.net]
    Sent: Friday, June 20, 2003 10:34 AM
    To: security@rexwire.com; security-basics@securityfocus.com
    Subject: Re: Firewall configuration statistics

    Well, seeing as I just received duplicates of last months mail, I guess
    I may as well respond.

    My intent in giving SKP two opposite and conflicting statistics is to
    reveal the meaningless nature of the question. Whether marketing
    material says 2% of firewalls are misconfigured or 98% are doesn't
    matter.

    It is a matter of opinion, and I have given SKP my own meaningless
    authority to state whatever he wants. I hope I have also given him the
    motivation to realize that what he wants is an arbitrary number to feed
    to people; I want him to get neither satisfaction nor sales from
    publishing whatever number he decides to use.

    Justin

    On Fri, Jun 20, 2003 at 04:48:02PM +0000, security@rexwire.com wrote:
    >
    > Thank you Greg. I totally agree. If people would just answer questions
    based
    > on real life experience and knowledge and leave the philosophy to the
    > politicians I think everyone in this group will be happy.
    >
    >
    > -SKP
    >
    > -----Original Message-----
    > From: NC Agent [mailto:NC_Agent@kueppers-familie.de]
    > Sent: Friday, June 20, 2003 12:01 PM
    > To: security@rexwire.com; justinpryzby@users.sourceforge.net
    > Cc: security-basics@securityfocus.com
    > Subject: RE: Firewall configuration statistics
    >
    >
    > What you received is the reason why I will not post a serious question
    > to the list. The list has fallen into one of opinion not fact. So folks,
    > as SKP gets more and more frustrated, and stops using the list for
    > serious business, maybe it has become time for us to get back to
    > business. Just my .005 worth.
    >
    > Greg Kane
    > SAIC
    > Senior Systems Security Engineer
    > CTSF-IA
    > Fort Hood, TX
    >
    > -----Original Message-----
    > From: security@rexwire.com [mailto:security@rexwire.com]
    > Sent: Saturday, June 07, 2003 6:16 PM
    > To: justinpryzby@users.sourceforge.net
    > Cc: security-basics@securityfocus.com
    > Subject: RE: Firewall configuration statistics
    >
    > That makes absolutely no sense. Plus I am not looking for a
    > philosophical
    > answer. I was looking statistics for marketing. Does anyone know of a
    > good
    > reference site for firewall and other security statistics.
    >
    > SKP
    >
    > -----Original Message-----
    > From: Justin Pryzby [mailto:justinpryzby@users.sourceforge.net]
    > Sent: Friday, June 06, 2003 6:18 PM
    > To: security@rexwire.com
    > Cc: security-basics@securityfocus.com
    > Subject: Re: Firewall configuration statistics
    >
    >
    > Security,
    >
    > 100% of firewalls are misconfigured. I guarantee that no firewall
    > administrator has considered all of the posibilities that are out there.
    > Moreover, there are guaranteed bugs in the firewalling software itself.
    >
    > No firewalls are misconfigured. Computers do what they are told, and
    > the occasion cosmic ray bitflip is insignificant compared to human
    > error. FW admins who use broken software or write bad FW policies
    > deserve to suffer the consequences.
    >
    > Take your pick. As a user, I think all firewalls suck because at best
    > they are another layer for things to get f()'d up, and at worst they
    > prevent me from doing stuff. As an admin, I know of no more problems in
    > my current firewall configuration (-j DENY), but let me check.
    >
    > Unless you elaborate on whichever number you quote, it is meaningless.
    > Anyone who has ever deal with a firewall will know that. You will,
    > however, impress 99% of everone with a cool word like ''firewall''.
    >
    > Justin
    >
    >
    > On Sat, Jun 07, 2003 at 12:42:26AM +0000, security@rexwire.com wrote:
    > >
    > > I remember once reading that X amount of firewall's are misconfigured.
    > Does
    > > anyone know where I can get this statistic from? We are making some
    > new
    > > marketing material and I would like to include this stat in it. A
    > quotable
    > > source would be great.
    > >
    > > Thanks
    > >
    > > SKP
    > >
    > >
    > ------------------------------------------------------------------------
    > ---
    > >
    > ------------------------------------------------------------------------
    > ----
    > >
    >
    > ------------------------------------------------------------------------
    > ---
    > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
    > analysts!
    > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > while InStat has confirmed Neoteris as the leader in marketshare.
    >
    > Find out why, and see how you can get plug-n-play secure remote access
    > in
    > about an hour, with no client, server changes, or ongoing maintenance.
    >
    > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > ------------------------------------------------------------------------
    > ----
    >
    >
    >
    ---------------------------------------------------------------------------
    > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > while InStat has confirmed Neoteris as the leader in marketshare.
    >
    > Find out why, and see how you can get plug-n-play secure remote access in
    > about an hour, with no client, server changes, or ongoing maintenance.
    >
    > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    >
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------


  • Next message: Andrej: "Linux FreeS/WAN road warrior problem"

    Relevant Pages

    • RE: Firewall configuration statistics
      ... My question was clearly a marketing question regarding industry statistics. ... Subject: Firewall configuration statistics ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • WG: Firewall configuration statistics
      ... Betreff: AW: Firewall configuration statistics ... We were saying there might be more effective marketing strategies ... than statistics which cannot be proven one way or another. ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • RE: Firewall configuration statistics
      ... 'X' firewall, then that could mean a few things for example: ... Most security marketing is targeted towards ... We did manage to gather statistics all you guys keep saying does not exist. ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • RE: Firewall configuration statistics
      ... I was looking statistics for marketing. ... reference site for firewall and other security statistics. ... Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • Re: Firewall configuration statistics
      ... I was looking statistics for marketing. ... Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)