Firewall Wizards mailing list archives
Re: A fun smackdown...
From: marty () supine com (Martin)
Date: Sat, 21 May 2005 08:05:25 +1000
$quoted_author = "Paul D. Robertson" ;
On Tue, 17 May 2005, Martin wrote:"Be liberal in what you accept; be strict in what you send."_All_ effective security controls break that tenet. The more liberal your controls, the more risk you assume.
My original use of the quote was in the context of "adaptive" IDS/IPS as mentioned in the article. If the system gets too "smart" about recognising "new"[1] attacks then it can break that tenet and deny legitimate traffic. I guess the point I'm trying to make that in a security context the quote only applies to protocols / connections that should be allowed according to policy but may be denied due to "smart" software[2]. cheers marty [1] where "new" = "no signature / fingerprint / definition available for it" [2] which doesn't really exist, all software sucks. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: A fun smackdown..., (continued)
- Re: A fun smackdown... Marcus J. Ranum (May 21)
- RE: A fun smackdown... Bill Royds (May 24)
- Re: A fun smackdown... Joseph S D Yao (May 20)
- Re: A fun smackdown... Chuck Swiger (May 20)
- Re: A fun smackdown... Joseph S D Yao (May 20)
- Re: A fun smackdown... Devdas Bhagat (May 20)
- Re: A fun smackdown... Carson Gaspar (May 20)
- Re: A fun smackdown... Marcus J. Ranum (May 20)
- RE: A fun smackdown... lordchariot (May 21)
- Re: A fun smackdown... Devdas Bhagat (May 19)
- Re: A fun smackdown... Martin (May 20)
- RE: A fun smackdown... Paul D. Robertson (May 19)