Firewall Wizards mailing list archives

Re: Personal Firewall Day?


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 6 Oct 2003 18:31:57 +0530

On 05/10/03 13:30 -0400, Marcus J. Ranum wrote:
> Charles Miller wrote:
> > 'To combat the problems with patch management, however, the company [Microsoft] is moving to a "securing the
> > perimeter" strategy where it will partner with various firewall companies to ensure that electronic attacks don't
> > even reach their intended targets but are instead thwarted at the edge of the network
>
> One of the indicators of a security problem that has gotten out of
> hand is a flip-flopping between firewalls and host security. :)  I remember
<wondering voice>
But, but, but, don't you need both as part of a security perimeter?
</wondering voice>

<snip>
> Is there a real answer? I think that there is but Microsoft can't
> give it because it's contrary to their business model. Linux can't
> do it because it's contrary to its proponents' mind-sets. Maybe
Hmmm, how about a "blame the lazy admin week" instead of a personal
firewall day? Or even a patch your box today! week^Wyear.

> Sony can do it through their Playstation sales unit. Basically,
> the answer is to kill off general-purpose computing for 99.9%
> of the desktops in the world. Really, it's not necessary for Joe
Hmmm, let's see. J.A. User needs to be able to:
Edit some office documents.
Work on a few spreadsheets.
Listen to audio/see video
Run a few IM programs
Surf the web
Run one or two P2P programs.
Handle email (fancy, jazzy email too).
Perhaps make their own family videos.
Rip CDs.
Scan images.
Print stuff.

We need to really really start blaming lazy admins, and for a home
system, JA User is the admin.
Just inculcate a sense of responsibility in people and your job is
done.

> Average User (though Joe wouldn't agree). I think Schneier and
> Geer et al were wrong when they wrote their little paper about
> Microsoft monoculture being dangerous - they adopted a
> disease model and, like most analogies, they let the analogy
> steer their thinking. What we need is a monoculture but we
What we really need is users with a clue.

> need to recognize that we're building one and make sure it
> has a good immune system that can spread and share
> immunity as fast (ideally faster!) than new cyberpathogens can
> spread.  But that's a topic for another day. ;)
I doubt that such a system will exist. The best defense is actually
variety.
Though, perhaps we could ask for a bunch of embedded systems which do a
single task well and correctly (apply the unix philosophy and separate
each individual program on different bits of hardware).

<Changing X-Message-Flag header>
Devdas Bhagat