Firewall Wizards mailing list archives

Re: Reactive Firewalls


From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Fri, 13 Feb 1998 14:47:09 -0500 (EST)

Rick Smith wrote:
At 9:38 AM +1100 2/12/98, Darren Reed wrote:
Personally, I'd prefer a service that fell victim to D.O.S. attacks than
one which could be compromised.

Outside of the intelligence agencies, I've found that Internet savvy
enterprises generally consider denial of service to be as bad or worse a
"compromise" as anything else a hacker might do. This is certainly becoming
true in military environments.

I guess it really depends on the situation. For example, if I have a firewall
that is generating logs locally, and that system runs out of disk space, I
would far prefer the firewall to shut down (thus a denial of service) than to
continue to happily pass traffic even though it is no longer able to record
events. IMO, a firewall that no longer records sessions has been "compromised".
A D.O.S. is far preferable.

This is because you are computer-security oriented.  No surprise there.
The consumer, however, usually prefers to have service, and the
illusion that it's working "just fine".  True for all consumers, even
the military and intelligence consumers mentioned above, I would
expect.  With the exception of those that are computer-security
oriented.

Incidentally, I would suspect that this mailing list is self-selecting
for computer-security-oriented folks, wouldn't you think?  ;-)

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support                                          EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


