Firewall Wizards mailing list archives
Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe)
From: Predrag Zivic <pzivic () yahoo com>
Date: Wed, 8 Aug 2001 07:31:04 -0700 (PDT)
Well David, you were quite right as to what the solution should be. Prevent is the key word. Not how to deal (although that is part of the issue and the process) but how to prevent the problem from happening.

As far as I am concerned, proper and fine-grained access control is a very good prevention solution. How does one do it? Controlling the access to a process, file, mail service, TCP service or something else is an engineering process and should be carefully done. If all these steps (bundled with patch updates) are looked after, a lot of things such as trojans would never happen.

Which product? Whale, Zone Alarm, Bull software? Maybe the combination of all of them? Who knows? I would love for god to give me the all-in-one product to secure my IT, and finally spare me some time for things like sand and beach and... But sadly one has to think hard and build it from building blocks.

Tia
Pez

--- David Wagner <daw () mozart cs berkeley edu> wrote:
> Darren Reed wrote:
> > All they can do is find already known problems.
>
> Think of it like type checking. Type checkers only prevent known problems (namely, runtime type errors). Type checkers are not a silver bullet: they only prevent a certain class of errors. Nonetheless, they're pretty darn useful, aren't they? They assist the programmer with some of the tedious bookkeeping of programming, and leave the programmer free to concentrate on the truly hard aspects of writing code (such as getting the design right in the first place).
>
> This seems like an advance. We should embrace analogous advances in software security, not resist them.
>
> P.S. Sure, testing sounds like a great idea, too. They're complementary: you should be using both.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards