Hear Hear
> ----------
> From: Ben Nagy[SMTP:[EMAIL PROTECTED]]
> Sent: 14 December 2000 03:38
> To: 'Loren Wagner'; [EMAIL PROTECTED]
> Subject: Firewall Futility (was RE: Undesired outbound data...)
>
> Which, once again, leads us down an interesting path...
>
> You're pointing out, in a way, the basic problem with current OSes. There
> are no stable desktop OSes that people want to leave in production for a
> couple of years. We can do it with some servers, but that's only a fraction
> of the battle. That means that we're forever trying to patch desktop OSes on
> the fly. Worse still, we'll not be done patching before a new version comes
> out and we "have" to upgrade.
>
> Clearly you find this moving target battle frustrating. Lots of people do.
> The fact still remains, though, that to provide best effort security it's
> more and more important to harden the whole network. That includes the OS.
> It sucks, yes, but you just can't fix this problem with a firewall as we
> talk about the term today.
>
> Essentially, until someone with a Giant Brain can work out a way to provide
> ubiquitous protection for networks that doesn't rely on a single chokepoint
> and can do something about tunneling, trojans and virii, there are only two
> choices.
>
> 1. You patch everything, all the time and you run harsh policies about
> untrusted code
> OR
> 2. You don't have a secure network.
>
> Lots of people forget, though, that it's OKAY not to have a secure network.
> It really is. If you're not a high threat target and if you've done the risk
> assessments on your existing model and if you're comfortable that a breach
> won't sink your business you can just live with it. Secure networks suck,
> anyway - who wants to work in one? They're a pain in the ass. Sadly, some
> people need them. You may be one of those people. However, if you're NOT
> then just take an appropriate risk position - it's knowing that you've got
> the "appropriate" bit right that's critical, IMO.
>
> Cheers,
>
> --
> Ben Nagy
> Marconi Services
> Network Integration Specialist
> Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
>
> > -----Original Message-----
> > From: Loren Wagner [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, 14 December 2000 12:27
> > To: [EMAIL PROTECTED]
> > Subject: Re: Undesired outbound data "leaking" - the next frontier?
> >
> >
> > Boy, do I agree with the first comments from elvene! I get so tired and
> > frustrated with the arrogant drivel thinking that everyone connected to
> > anything is going to have or buy or hire everything that it takes to be
> > "secure" based on whose opinion??!! The concept that if we don't jump and
> > install every product patch that comes out for every potential vulnerability
> > whenever it occurs is ridiculous. I think the latest DoS attack is one that
> > adheres to the following model: let's just keep throwing crap at them until
> > they can't do anything but apply the latest patch that will no doubt
> > introduce new bugs/vulnerabilities and the hackers (if you want to call them
> > that) have infinite entertainment!! PLEASE.... give me a break. JMHO....
> >
> > Loren
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]