Firewall Wizards mailing list archives

Re: Castles and Security (fwd)


From: "Steven M. Bellovin" <smb () research att com>
Date: Tue, 09 Jan 2001 13:29:13 -0500

In message <D9C570D94236D4118DAE00508BCF3DA802218947 () cs14mail bestbuy com>, "Scott, Richard" writes:
<ramble>
My sense of things is twofold.  Firstly, if we are to build secure
infrastructures, we need to use quality components.  Would one build a
castle out of straw?  Despite bringing in another analogy, two of the three
pigs built "castles" were not successful!

If I decide to build an infrastructure, I should have the right to choose
adequate components, and if those components are somehow certified, or
legally advertised to be secure, that should be sufficient.
If I build a house and select quality bricks, and find that after the house
was built the bricks were made of baked sand instead of a concrete mixture
(as advertised) so as to allow anyone to enter into my house, I could have
legal recourse.  The manufacturer would be sued, and those who entered my
house would also face legal prosecution either by myself or the state.  Of
all the discussions I seem to read on this, there tends to be a targeting of
the attackers, or (exclusive) the manufacturers.

The problem are targeting I think should be reinforced at the component
level.  The gray area of security is that there isn't or lack of certified
products that are secure.  Yes, I could take NT/2000 set that up, and follow
MS guidelines, and with the typical software disclaimer, I have no right in
arguing that my system is safe, legally speaking.  Targeting should be
two-pronged, at the attacker and the manufacturer.


There are a lot of problems with this line of argument, most notably 
that security components don't compose.  Furthermore, whatever 
component certifications do exist are relative to a given security 
model; if your needs don't meet that model, the certification is 
useless.  (An Orange Book B2 rating is quite irrelevant to protection of, 
say, a multi-customer Web hosting computer.)  Certifications also tend 
to have environment restrictions; again, violating these can void the 
warranty.


                --Steve Bellovin



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

