Firewall Wizards mailing list archives
Re: Reactive Firewalls
From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Fri, 13 Feb 1998 14:47:09 -0500 (EST)
Rick Smith wrote:At 9:38 AM +1100 2/12/98, Darren Reed wrote:Personally, I'd prefer a service that fell victim to D.O.S attacks than one which could be compromised.Outside of the intelligence agencies, I've found that Internet savvy enterprises generally consider denial of service to be as bad or worse a "compromise" as anything else a hacker might do. This is certainly becoming true in military environments.I guess it really depends on the situation. For example, if I have a firewall that is generating logs locally, and that system runs out of disk space, I would far prefer the firewall to shut down (thus a denial of service) than to continue to happily pass traffic even though it is no longer able to record events. IMO, a firewall that no longer records sessions has been "compromised". A D.O.S. is far preferable.
This is because you are computer-security oriented. No surprise there. The consumer, however, usually prefers to have service, and the illusion that it's working "just fine". True for all consumers, even the military and intelligence consumers mentioned above, I would expect. With the exception of those that are computer-security oriented. Incidentally, I would suspect that this mailing list is self-selecting for computer-security-oriented folks, wouldn't you think? ;-) -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO Computer Support EMT-A/B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- RE: Reactive Firewalls Stout, William (Feb 10)
- <Possible follow-ups>
- Re: Reactive Firewalls tqbf (Feb 11)
- Re: Reactive Firewalls Darren Reed (Feb 11)
- Re: Reactive Firewalls John Lines (Feb 12)
- Re: Reactive Firewalls Rick Smith (Feb 12)
- Re: Reactive Firewalls Chris Brenton (Feb 13)
- Re: Reactive Firewalls Rick Smith (Feb 13)
- Re: Reactive Firewalls Joseph S. D. Yao (Feb 13)
- Re: Reactive Firewalls Rachel Rosencrantz (Feb 13)
- Re: Reactive Firewalls Rick Smith (Feb 16)