Firewall Wizards mailing list archives
Re: Too Paranoid?
From: Adam Shostack <adam () homeport org>
Date: Mon, 30 Sep 2002 11:40:34 -0400
On Sun, Sep 29, 2002 at 08:10:19PM -0400, Frederick M Avolio wrote: | At 01:57 PM 9/29/2002 -0400, Dave Piscitello wrote: | >Totally in agreement. | > | >Any reputable vendor should appreciate this, and should be willing to | >explain | >what security measures they have implemented to your satisfaction, or if | >not to your satisfaction, willing to work to resolve differences between | >their | >security posture and what your policy requires. | | Which planet would you be talking about? Key word in this, of course, is | "should." Most probably it is "can't" because "never thought of it." Most | reputable vendors SHOULD but don't. | | Most reputable vendors behave just as this one does. They are certain it is | Not So Bad. And in their mind, it is not. Because all they know is | firewalls make things secure and it can work with the firewall in place, as | long as you poke a hole or two through it. So, the only way to fix this is customer demand. I'd ask all the questions you will, and then identify the vendor and post your questions here, so that when other customers search on security and vendor name, they'll find the question list. Then the vendor will start to pay attention. Just a nit about Dave's mail it to yourself thing. Don't bother. If you need it documented, the best way is to have two peers sign and date under the words "I have read and understood the above." Pick peers who you think would come off well in court. After that, is a notary, or file a copy with an attorney. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Too Paranoid? Jim Seymour (Sep 29)
- Re: Too Paranoid? Paul D. Robertson (Sep 29)
- Re: Too Paranoid? James Triplett (Sep 29)
- Re: Too Paranoid? R. DuFresne (Sep 29)
- Re: Too Paranoid? Dave Piscitello (Sep 29)
- Re: Too Paranoid? Frederick M Avolio (Sep 29)
- Re: Too Paranoid? Dave Piscitello (Sep 29)
- Re: Too Paranoid? Bennett Todd (Sep 30)
- Re: Too Paranoid? Adam Shostack (Sep 30)