Firewall Wizards mailing list archives
RE: Ok, so now we have a firewall, we're safe, right?
From: "Bill McGee (bam)" <bam () cisco com>
Date: Wed, 1 Jun 2005 16:03:03 -0700
This is a classic "perfect world" versus "real world" scenario. I think Chris Blask nailed it on the head earlier when he said we have to acknowledge (and live with) the limitations of what we have while working to build something better. That's a challenge to be taken individually AND as a collective. Generally, I preach risk management rather than hard-line security, because it is language that upper management tends to understand (even better than ridicule and abuse, plus you tend to not get fired as often ;-)). Maximum risk reduction is always going to be a moving target, but any reasonable security policy is based on a plan-build-analyze-improve model that even the most curmudgeonly executives can buy into. The biggest challenge is that we have to live with the tools (and budgets) we have, so a holistic approach is always going to be better than the more common approach of over-investing/over-relying on a single box with the latest gee-whiz features. This has probably contributed to more problems than just about anything else, IMO. Rather than praying/whining/demanding for folks in the security industry to "get it right," we need to start now by putting (or, in many cases, simply turning on!) security everywhere (endpoints, gateways, servers, appliances, routers, switches, what-have-you), get these bits-and-pieces talking to each other whenever and wherever we can, and at the same time ensure that our Moms can still download pictures of their grandkids without having to call us for tech support (I, for one, would REALLY appreciate that!) -bill -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Mark Tinberg Sent: Wednesday, June 01, 2005 11:17 AM To: Marcus J. Ranum Cc: Paul D. Robertson; Fritz Ames; Ben Nagy; firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Ok, so now we have a firewall, we're safe, right? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 31 May 2005, Marcus J. Ranum wrote:
They're sensitive to ridicule and abuse. They're impervious to clues.
While I appreciate the sentiment, I don't think that approach will work for everyone. Not everyone is curmudgeonly enough or has the cojones to enter into an adversarial relationship with their superiors. I don't want that kind of stress and tension in my life, at my work, putting out fires is less stressful for me. I'm lucky that my bosses are largely intelligent people with whom I can discuss problems and often-times come to a better solution than what I had originally proposed. Sometimes we disagree, and my bosses are wrong 8^), but part of my job is that when a decision is made above my pay-grade, to do what I'm told. I suppose I could quit every other month when something doesn't go my way, like a petulant child, but that doesn't seem productive to me. At least that's how I see it. I know that some people will and some won't understand where I'm coming from, but I thought the statement should be made, as an FYI, not so much as a discussion. - -- Mark Tinberg <MTinberg () securepipe com> Network Administrator, SecurePipe Inc. Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCne1wFu7F5OUjbGcRAtooAJ0bjK4/4fLMwwFFjgObl6wv5uFBlwCgyIDb JhaSOj0FKAhIi/ngzfk9lr8= =te14 -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Ok, so now we have a firewall, we're safe, right? Mark Tinberg (Jun 01)
- RE: Ok, so now we have a firewall, we're safe, right? Tina Bird (Jun 01)
- <Possible follow-ups>
- RE: Ok, so now we have a firewall, we're safe, right? Bill McGee (bam) (Jun 01)
- Message not available
- Going meta (was RE: Ok, so now we have a firewall...) Marcus J. Ranum (Jun 02)
- Re: Going meta (was RE: Ok, so now we have a firewall...) Bennett Todd (Jun 02)
- Re: Going meta (was RE: Ok, so now we have a firewall...) Scott Stursa (Jun 02)
- Re: Going meta (was RE: Ok, so now we have a firewall...) Chris Blask (Jun 04)
- RE: Going meta (was RE: Ok, so now we have a firewall...) Brian Loe (Jun 10)
- Re: Going meta (was RE: Ok, so now we have a firewall...) R. DuFresne (Jun 10)
- Re: Going meta (was RE: Ok, so now we have a firewall...) Marcus J. Ranum (Jun 04)
- Message not available
- Re: Going meta (was RE: Ok, so now we have a firewall...) Dave Piscitello (Jun 02)
- Re: Going meta (was RE: Ok, so now we have a firewall...) Marcus J. Ranum (Jun 02)