Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Adam Shostack <adam () homeport org>
Date: Tue, 18 May 2004 11:02:36 -0400

On Tue, May 18, 2004 at 09:29:01AM -0400, Dana Nowell wrote:
| >Perhaps for viruses, but not for worms as these devices tend not to be
| >permanently wired or reachable.
| >
| 
| Yup.  So imagine a case where you have an internal worm/virus outbreak and
| you clean up.  Next day it is back, you scour your network and clean up
| everything.  Next day it's back, eventually you find some guy syncing his
| Palm to his desktop or an intermittently connected wireless iPaq is the
| root cause, chase that one down.  
| 
| As a general case, I'm whining about intermittently connected devices
| having direct access to the internal network.  We talk about all sorts of
| restrictions on home PC connections, what about the 'next generation'
| (based on roll-out not technology) wireless devices (bluetooth, WiFi,
| 802.11)?  Assume you have a PDA like device in your pocket and are walking
| down the street.  Guy with an infected phone walks past and BAM, welcome to
| the nightmare.  Is that today, no.  Is that within say 5 years, possibly.
| Show me YOUR plans for firewall protection of bluetooth, wireless USB, and
| similar connections (yes some stuff is/can be built in by design but buffer
| overflows and other exploits can be built in by accident;).

I think the issue is insecure systems that remain insecure.  You get
the same behavior from backups restoring viruses.  So the issue is not
a firewall issue, but a network design & upgrade issue--how do you
flow changes in such a way that you're not breaking things?

Adam