Firewall Wizards mailing list archives

Re: Vulnerability Response (was: BGP TCP RST Attacks)


From: Chris Blask <blask () protegonetworks com>
Date: Mon, 07 Jun 2004 17:03:34 -0700

At 08:22 PM 6/3/2004, Margles Singleton wrote:
Brian Ford Spake:

I don't agree that best practices are flowing through the community. Lots of folks are using stuff that isn't working well. They don't know what else is out there or how anything else other than how "their thing" works.

Depends what you mean by "flowing". It's not the Nile River, but it keeps the structure ticking away so far. Brian, you know I understand the need for canaries in the coal mine, but there's lots of canaries so I'll let others carry that burden and I'll be the Bluebird of Optimism... ;-)

Speaking as a newbie, these lists are a great thing: I "listen" to how experienced folks think and argue - and I learn. I believe there are many folks like myself on these lists, simply listening in order to improve their skills and knowledge.

'Freedom of Speech Proven to Work. Central Control heard to mutter "damnit" before tripping over a box of Approved Worker Units, falling down a staircase and breaking its neck.'

When I moved into security, SANS was decidedly the best thing I ever did for myself. I was working for a company that had no security awareness/department, and I had to figure out *everything* for myself. SANS gave me a road map, and a yardstick by which to measure my progress.

Left to your own devices you figured out where to start, worked through a session some other folks made available for their own self-directed reasons, then monitored the thoughts of people attempting similar tasks.

Isn't that just incredibly cool?

Never forget that only a few decades ago it was a serious debate among Learned Folks whether people needed to be Centrally Controlled or were better off left to their own devices. The moment-by-moment existence of the Internet is proof that Central Control can go hang itself, quietly, thank you very much.

In some ways the debate goes on, and we can Never Let Them Win.

Something I noticed, however: the SANS conferences draw a large crowd - but a very small percentage of those attending ever certify. I think this demonstrates that old saw: "You can lead a horse to water, but you can't make him think...."

Darwin.

Even better, turns out Darwin works inside individuals - we evolve at meme speed. There remains hope for many of the un-watered.

Unless - I believe until - security can be packaged in a black box, there will not be tremendous gains in security. My reasoning? Black boxes are those technologies that we have faith in working without knowing why: microwaves, cars, and TV sets are all examples. A NASCAR team will know the fine details of tuning a car, but the Great Unwashed will not: they will simply turn the key and go - and this is how it should be - and I believe in future it will be like that for security as well.

True. To an extent it is already. Lots of things that used to take a great deal of expert handiwork are already available in sheetmetal boxes.

Why trust sheetmetal boxes?

1 - don't.

2 - trust your ability to make informed choices on what sort of trust to put into each piece of your defenses.

3 - if you take the effort and responsibility to be informed, you can determine which sheetmetal boxes are being produced by folks who are following Darwinistic Success Paths and use such boxes in your defense structure.

You shouldn't have to mine the ore and grind the gunpowder yourself, but a reliable MK 15 Phalanx Close-In Weapons System sure can come in handy from time to time...

In the meantime, I don't believe there is a more exciting time to be working in the field of security than NOW, before everything is packaged up in dull, boring, black boxes that anyone can utilize.

I agree.

Still, I think playing with the boxes and arranging them against bad guys will be fun for a while yet. There's still a lot of brand new thinking to do.

What Brian and many others are saying remains true - there's a lot of work to be done and no time for lolly-gagging around. I just have exceptional trust in individuals' aggregate ability to seek success.

Frankly, I think all you guys and geeks are getting too easily discouraged, and not recognizing the great job that you are all doing - INCLUDING communicating....

Yep yep!

I love it!

Go Freedom of Speech!

:-)

-chris



Chris Blask
Vice President, Business Development
Protego Networks Inc.

(1) 416 358 9885 - Mobile
(1) 408 262 5220 - HQ
(1) 408 262 5280 - Fax

blask () protegonetworks com
www.protegonetworks.com

Protego MARS - Integration, Insight and Control

Integration.  Insight. Control.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

