Firewall Wizards mailing list archives
Re:Vulnerability Response (was: BGP TCP RST Attacks)
From: "Margles Singleton" <margles_s () hotmail com>
Date: Thu, 03 Jun 2004 22:22:11 -0500
I don't agree that best practices are flowing through the community. Lots of folks are using stuff that isn't working well. They don't know what else is out there or how anything else other than how "their thing" works.
Speaking as a newbie, these lists are a great thing: I "listen" to how experienced folks think and argue - and I learn. I believe there are many folks like myself on these lists, simply listening in order to improve their skills and knowledge.
gave that a shot. Before that I thought the SANs direction (again with certifications) was good. I don't know if this will work for as large a portion of the population as is needed.
When I moved into security, SANS was decidedly the best thing I ever did for myself. I was working for a company that had no security awareness/department, and I had to figure out *everything* for myself. SANS gave me a road map, and a yardstick by which to measure my progress.
Something I noticed, however: the SANS conferences draw a large crowd - but a very small percentage of those attending ever certify. I think this demonstrates that old saw: "You can lead a horse to water, but you can't make him think...."
Unless - I believe until - security can be packaged in a black box, there will not be tremendous gains in security. My reasoning? Black boxes are those technologies that we have faith in working without knowing why: microwaves, cars, and TV sets are all examples. A NASCAR team will know the fine details of tuning a car, but the Great Unwashed will not: they will simply turn the key and go - and this is how it should be - and I believe in future it will be like that for security as well. In the meantime, I don't believe there is a more exciting time to be working in the field of security than NOW, before everything is packaged up in dull, boring, black boxes that anyone can utilize.
Frankly, I think all you guys and geeks are getting too easily discouraged, and not recognizing the great job that you are all doing - INCLUDING communicating....
Margles _________________________________________________________________MSN Toolbar provides one-click access to Hotmail from any Web page FREE download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Vulnerability Response (was: BGP TCP RST Attacks), (continued)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)
- Re:Vulnerability Response (was: BGP TCP RST Attacks) Brian Ford (Jun 01)
- Re:Vulnerability Response (was: BGP TCP RST Attacks) Marcus J. Ranum (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Ames, Neil (Jun 02)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Phil Burg (Jun 03)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 03)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) George Capehart (Jun 03)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 03)
- Re: Re: Vulnerability Response (was: BGP TCP RST Attacks) firewalladmin (Jun 03)
- Re: Re: Vulnerability Response (was: BGP TCP RST Attacks) Gwendolynn ferch Elydyr (Jun 03)
- Re: Re: Vulnerability Response (was: BGP TCP RST Attacks) firewalladmin (Jun 03)
- Re:Vulnerability Response (was: BGP TCP RST Attacks) Margles Singleton (Jun 04)
- Certification (was Re:Vulnerability Response) Gwendolynn ferch Elydyr (Jun 04)
- RE: Certification (was Re:Vulnerability Response) Laura Taylor (Jun 14)
- RE: Certification (was Re:Vulnerability Response) Gwendolynn ferch Elydyr (Jun 14)
- RE: Certification (was Re:Vulnerability Response) Marcus J. Ranum (Jun 14)
- Re: Certification (was Re:Vulnerability Response) Crispin Cowan (Jun 14)
- Re: Certification (was Re:Vulnerability Response) Vladimir Parkhaev (Jun 16)
- Re: Certification (was Re:Vulnerability Response) Dave Piscitello (Jun 18)
- Re: Certification (was Re:Vulnerability Response) Paul D. Robertson (Jun 18)
- Re: Certification (was Re:Vulnerability Response) Dave Piscitello (Jun 18)
- Re: Certification (was Re:Vulnerability Response) Vladimir Parkhaev (Jun 18)
- Certification (was Re:Vulnerability Response) Gwendolynn ferch Elydyr (Jun 04)