Re: RE: firewall-wizards digest, Vol 1 #1725 - 9 msgs

["Paul D. Robertson" <paul () compuwar net>]

On Wed, 25 Jan 2006, Matthew.Harvey () usdoj gov wrote:

> focus on physical security. If I ever told someone that we "didn't need"
> motion detectors or roving guard checks because our access control was
> THAT good, I don't think I would have lasted too long. Yes, in an ideal

A lot of us learned that way- however the point you're missing is that 
you're putting IR sensors tuned out to 300m to guard a bunch of bills 
secured in a cardboard box in the middle of Times Square on New Years Eve.

> world no "bad" traffic can get through a properly configured proxy
> firewall, BUT the bad guys have imaginations, too! Often better and more
> evil imaginations that the guys who wrote the protocols and maybe even
> better than the guy who wrote the proxy (sorry, MJR, but it is
> possible).

That doesn't change the fact that if you're not doing the basics right 
then bells and whistles don't improve your overall security posture as 
much as getting the basics right will.

Look at Avishai's study- then tell me that more IDS is the first thing we 
need, and do it with a straight face.  Passive IR is a cool technology, 
but it sure as heck shouldn't be your first or only line of defense.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
http://fora.compuwar.net      Infosec discussion boards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards