"Roy G. Culley" wrote:
> 
> What
> we are talking about is protecting a company's data from outside and inside
> attack (remember over 80% of security incidents are from the inside). 

Anyone have current data on this? I know it was true five
years ago but my gut tells me it's dated for an Internet-connected
company. Things have changed drastically in the last
five years. Do the stats discriminate between successful and 
unsuccessful break-ins? Are probes defined as "security incidents"?

> For sure when everyone
> uses encryption the job of a firewall administrator is over.

I don't understand that statement. Encryption just protects the data 
outside the system or perhaps when it's sitting on storage. I'd hazard 
a guess that the number of incidents involving sniffing cleartext 
traffic or disk data is dwarfed by the number of incidents caused by 
direct system break-ins due to misconfigurations or bugs. I'll even
leave out user-run malware. In any case, once the system is compromised,
encryption isn't much use...the bad guys have access to the data before
it's encrypted and/or have access to the keys. 

OTOH, firewalls *attempt* to protect against direct system compromise 
either by not allowing selective communications at all or allowing 
only controlled communications. Whether or not one believes firewalls 
can protect vulnerable systems, I think one would have to admit they're 
more effective at stopping today's security incidents than encryption 
assuming they're actually configured to stop something.

Perhaps more now than ever, the quote attributed to Gene Spafford holds 
true:
"Using encryption on the Internet is the equivalent of arranging an 
 armored car to deliver credit card information from someone living 
 in a cardboard box to someone living on a park bench." 

...particularly on the client end :)

Anyone have stats on compromised ISPs?

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
