Firewall Wizards mailing list archives
Re: Reactive Firewalls
From: Rachel Rosencrantz <rachel.rosencrantz () predictive com>
Date: Fri, 13 Feb 1998 13:07:45 -0500
At 10:16 AM 2/12/98 -0600, Rick Smith wrote:
At 9:38 AM +1100 2/12/98, Darren Reed wrote:Personally, I'd prefer a service that fell victim to D.O.S attacks than one which could be compromised.Outside of the intelligence agencies, I've found that Internet savvy enterprises generally consider denial of service to be as bad or worse a "compromise" as anything else a hacker might do. This is certainly becoming true in military environments.
Not to sound too much like a text book, but there are 3 critical aspects in security. Confidentiality, Integrity, and Availability. Some environments feel that one aspect is more critical than the others. (Notably the TCB concept relies heavily on the confidentiality being the greater good.) Some places the integrity of the data is crical. (I'd think the stock exchange might be one of those.) In other situations, availabilty is the most critical. (Of course I'd think that would also be the stock exchange.) For an organization that has determined that Availability is job one, a DOS attack is going to be far worse than lost or change of data. What would a web design company do if no-one could get to their customer's web sites? It depends on the business, the use of the network in critical functions, and fundamentally Policy. Of course, lots of companies out there don't really sit down and think about what is critical and an asset before setting up these policies. I'd certainly think I'd want some Asset and risk assement done and a policy put in place before I was made responsible for the firewall. Otherwise, how do you know which objective(s) (Confidentiality, integrity, availabilty) is critical. Without that policy some VP can cause some troubles because they couldn't get their (personal) stock quotes via the web because you shut down the FW. -Rachel
Current thread:
- RE: Reactive Firewalls Stout, William (Feb 10)
- <Possible follow-ups>
- Re: Reactive Firewalls tqbf (Feb 11)
- Re: Reactive Firewalls Darren Reed (Feb 11)
- Re: Reactive Firewalls John Lines (Feb 12)
- Re: Reactive Firewalls Rick Smith (Feb 12)
- Re: Reactive Firewalls Chris Brenton (Feb 13)
- Re: Reactive Firewalls Rick Smith (Feb 13)
- Re: Reactive Firewalls Joseph S. D. Yao (Feb 13)
- Re: Reactive Firewalls Rachel Rosencrantz (Feb 13)
- Re: Reactive Firewalls Rick Smith (Feb 16)