Bugtraq mailing list archives
Re: FIRST and CERT
From: jlarson () parc xerox com (John Larson)
Date: Mon, 2 May 1994 12:44:06 PDT
There were people at Sun and personal friends who understood that I had a multi-billion dollar brokerage and trading operation to worry about; .. Certainly nothing wouldhave happened to anyone at CERT were I penetrated
Perry, While I certainly have shared similar frustration with CERT at times of crisis, I'm not sure I completely understand the level of angst that appears to be going on for you. I'm curious; have you informed your company management that they cannot realistically completely depend on your firewall ? As you well know, the state of Internet firewall technology (esp built with Unix) is far from perfect. Previously unknown security holes are discovered with disconcerting frequency. One of the things I tell my clients before they connect to the Internet is that THEY assume some risk by creating a connection to the Internet (or adding dial-up modems, or any other type of external connection for that matter ;). Given the reality of external connections (firewall, modems, or whatever); internal sites/machines with high security requirements MUST take responsibility and do whatever is necessary to secure themselves. I think anyone who installs or operates an Internet firewall without completely drilling these points home to their clients or managment is being remiss in their duty. Cheers, ________________________________________________________________________ John Larson Internet Consultant Email: jlarson () jnl com Voice: 408-662-9755, Fax: 408-662-9756, Pager: 408-662-4174 US Mail: PO Box 1120 Aptos, CA 95003
Current thread:
- Re: FIRST and CERT Perry E. Metzger (May 02)
- Re: FIRST and CERT Gene Spafford (May 02)
- Re: FIRST and CERT Scott Chasin (May 02)
- Re: FIRST and CERT saouli () math ethz ch (May 02)
- ruserok() & /etc/hosts.equiv Walker Aumann (May 02)
- Re: ruserok() & /etc/hosts.equiv Big Bad Jon (May 02)
- Re: ruserok() & /etc/hosts.equiv Walker Aumann (May 02)
- Debate interuption - New firewalls book RayK (May 03)
- Re: ruserok() & /etc/hosts.equiv Big Bad Jon (May 02)
- Re: FIRST and CERT Eric Brunson (May 02)
- <Possible follow-ups>
- Re: FIRST and CERT John Larson (May 02)
- Re: FIRST and CERT Gene Spafford (May 02)