Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: Bill McGee <bam () cisco com>
Date: Fri, 03 Apr 2009 09:23:17 -0600
Yikes! Wouldn¹t it be nice if we all lived in Marcus¹ world? Perhaps we ought to just mandate that everyone scrap their current networks and have Mr. Ranum come in and redesign them from the ground up. We would clearly end this issue of security breaches once and for all. In the meantime, we really ought to be helping folks move from WHERE THEY ARE to WHERE THEY NEED TO BE, even if it¹s in incremental baby steps, based on ability, budget, and sensitivity to risk. This is the world that Chris and I live in, and until Marcus¹ parallel universe overtakes our own, this is the battle we all must fight. Is that a nod for mediocrity? Hardly. The reality is that, incompetent or not, many IT managers are doing the best they can with what they have, with real constraints on what they can do next, and need our help within that context. Short of a Ranum dictatorship, we really need to recognize that wide-eyed idealism, however well-intentioned, is never a reasonable replacement for dealing with the vagaries of the reality we actually inhabit. -bill On 4/3/09 8:31 AM, "Chris Blask" <chris () blask org> wrote:
Marcus J. Ranum <mjr () ranum com>, Friday, April 3, 2009 9:06:53 AMChris - you're better than this. Stop being an apologist for mediocrity.I wouldn't put it that way myself, but I also wouldn't argue the fine points of the definition. We live in a world of varying perfection and - while it is a wonderful thing to effect perfection where possible - it falls on us to devise solutions that also have a positive impact on mediocrity and even, where possible, function in the presence of incompetence. It wouldn't be defensible for me to take this position unless there were others out there railing for perfection, but we're never short of such voices in our field.All of us understand that you can do a half-assed job, or that you can throw up your hands and say "things suck but I'll do the best that I can in the circumstances." We all know that. But please don't adopt defeatism as policy.I leave it for others to judge, but I would hope that accepting defeatism is not a descriptive that would apply to me. Rather, I would say that I accept situations the way they are when I show up and do what I can to improve them. Whether it is accurate to say that a given situation sucks is a qualitative judgement that really requires a great deal of insight into the back story regarding how it got to the current state, and whether through lack of patience or attention span (I embrace my ADD) I only care about the past as it applies to the options for the future. Sure I often find myself in the position to be accused of 'defending mediocrity', but it's not in the context of giving up and accepting defeat. It's just the only way I know to limit the options I focus on to the ones that could actually appear in the real world. -chris _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: PCI DSS & Firewalls, (continued)
- Re: PCI DSS & Firewalls R. DuFresne (Apr 02)
- Re: PCI DSS & Firewalls Potter, Albert (Al) (Apr 02)
- Re: PCI DSS & Firewalls Paul D. Robertson (Apr 02)
- Re: PCI DSS & Firewalls lordchariot (Apr 02)
- Re: PCI DSS & Firewalls Jim Seymour (Apr 03)
- Re: PCI DSS & Firewalls Chris Blask (Apr 02)
- Re: PCI DSS & Firewalls Paul D. Robertson (Apr 02)
- Re: PCI DSS & Firewalls Dotzero (Apr 03)
- Re: PCI DSS & Firewalls Paul D. Robertson (Apr 02)
- Re: PCI DSS & Firewalls Marcus J. Ranum (Apr 03)
- Re: PCI DSS & Firewalls Chris Blask (Apr 03)
- Re: PCI DSS & Firewalls Bill McGee (Apr 03)
- Re: PCI DSS & Firewalls Marcus J. Ranum (Apr 03)
- Re: PCI DSS & Firewalls Chris Blask (Apr 05)
- Re: PCI DSS & Firewalls Jim Seymour (Apr 06)
- Re: PCI DSS & Firewalls Chris Blask (Apr 06)