Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: "Thomas W Shinder" <tshinder () tacteam net>
Date: Fri, 7 May 2004 07:51:17 -0500
I don't think "Don't use Windows" is a viable option in the long term. Non-Windows OS servers have reached critical mass, especially in the enterprise space, making them tasty targets. When non-Windows client systems reach critical mass, exploits target against them will surely come fast and furious. And unless the non-Windows OSs are "Windows-ized" so that someone takes responsibility for fixing them, you'll end up having to pay even more to move back to an Microsoft solution, since Microsoft will have its security issues handled and the fledgling Linux vendors will just be ramping up their IR efforts. The Windows v. Linux security debate isn't about inhernet security issues, its about total attack surface. The per capita attack surface on Windows OSs continues to decrease while the Linux systems seem to stay about the same. But the aggregate attack surface for Windows systems is much higher because of their market penetration. I do expect the market penetration for Linux systems to increase in the next 5-10 years where its aggregate attack surface will be much larger than Microsoft's . The "Windows-ized" vendors will try to play catch up while Microsoft will have its systems in place. And this doesn't even take into account the "OS by committee" for non-vendor Linux system. Anything that is based on a "depend on the kindness of strangers" approach isn't something you can have a lot of faith in. At least it didn't work in Tara ;-) While recommending moving away from Windows might represent a security ploy in the short term, the long term costs would be prohibitive for larger organizations that move away, and then move back, to Microsoft. Tom Thomas W Shinder, M.D. www.isaserver.org/shinder ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Crispin Cowan [mailto:crispin () immunix com] Sent: Thursday, May 06, 2004 5:02 PM To: Paul D. Robertson Cc: Carson Gaspar; firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Worms, Air Gaps and Responsibility Paul D. Robertson wrote:
With all the money spent on "security" solutions that aren't as
effective
as "don't connect"- how many companies even look at their user
population
risk profiles and architect for it? Not connecting is *really* cheap
and
*really* effective.
Really effective I'll believe (it definitely is secure) but really cheap I will challenge. IT facilities like e-mail and web do a lot to reduce operational costs. If you declare everyone's workstation to be "production" and disconnect them from the Internet then you may end up deploying a second set of workstations for Internet access, and that is not cheap. OTOH, I advocate somewhat less drastic solutions like "don't use Windows", which is also "really cheap and really effective", and "adult supervision" tells me how unrealistic my proposal is with objections similar to my objections for disconnecting. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Worms, Air Gaps and Responsibility, (continued)
- Re: Worms, Air Gaps and Responsibility Mason Schmitt (May 10)
- Re: Worms, Air Gaps and Responsibility David Lang (May 10)
- Re: Worms, Air Gaps and Responsibility George Capehart (May 07)
- RE: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 06)
- Re: Worms, Air Gaps and Responsibility Crispin Cowan (May 07)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 07)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 07)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 07)
- Re: Worms, Air Gaps and Responsibility Bennett Todd (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 07)
- Message not available
- RE: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 07)