Firewall Wizards mailing list archives
Re: firewall-wizards Digest, Vol 64, Issue 3 phishing
From: Dave Piscitello <dave () corecom com>
Date: Sat, 13 Apr 2013 11:30:32 +0200
I suspect that a composite of what Stephen, Kyle and I constructed yields a reasonable analog for the current and sad state of affairs.

On Sat, Apr 13, 2013 at 3:01 AM, Kyle Creyts <kyle.creyts () gmail com> wrote:

For one, the ship's hull is supposed to have "leaks" because water is supposed to flow through the hull, this is how this particularly strange ship operates and provides the passengers with essentials to do their duties. Otherwise we'd keep it out of the water. (ha ha, air gap)

However, as security folk, we're rather concerned about things that are toxic to the passengers coming in with the water... Unfortunately, to most of the systems we use to filter hull intake and output, protecting the passengers and their belongings, the toxic materials tend to look a lot like water.

Most of these filters don't even know what the toxins are today. They're mostly throwback technology from a time before toxins, which only had to know the difference between water, seaweed, and sand. They know what water typically looks like, and they'll keep out the seaweed and sand, but we've told them that we want to let water in. Some newer systems are a bit better about filtering out the toxins, but they frequently cost quite a bit, and most ships continue to run without them in place.

Of course most of the passengers can't distinguish either. In spite of people running around and announcing the dangers of toxins, nobody really seems to know how to teach the passengers to identify them, and most of the passengers are in too big of a hurry to care; drinking one glass of water with toxins in it probably won't kill them. Besides, many of them have filters on the faucets. Even if most of the faucet filters can only catch toxins they've seen before... Some passengers even bring toxins with them onto the ship.

As others have mentioned, this whole process is only one of many responsibilities of those responsible for it, if they are even still with the ship. There are only so many engineers on the boat, they usually have to be trained to maintain this process or clean up toxins, and they have a lot of other systems to care for.

On Fri, Apr 12, 2013 at 1:33 AM, Dave Piscitello <dave () corecom com> wrote:

Stephen, I think your premise - that we are comfortable with this architecture - is wrong, at least for this choir. Your analog also only looks at one dimension of the problem space.

- the ship hull is compromised
- the pumps are working because someone thought to enable this automation, and he's now serving on another ship
- much of the crew are not competent to deal with the crisis, and don't have the time to fully assess the damage because they are distracted by requests to solve far less critical issues so that other of the ship's services remain in operation for the passengers
- the passengers pay no attention to the warnings, alarms, and have no clue as to how to abandon ship

I suspect that few on this list are comfortable with this scene. The pump is there for many because it's keeping the ship afloat while we patch and re-think how to prevent future hull breaches. Part of re-thinking is coming up with better monitoring (of hull integrity) and AWS; part is raising competencies among crew, and part is raising security awareness among passengers. All of these require the captain's approval and the captain has to empower the officers.

On Thu, Apr 11, 2013 at 8:46 PM, Stephen P. Berry <spb () meshuggeneh net> wrote:

John Michealson writes:

Check Point's gateway based AV went cloud based last fall. It has over 6M signatures. They also have AntiBot, which has hundreds of millions of IP and hosts classified. They are reclassifying 50k sites/hosts a day with their ThreatCloud, and ThreatEmulation is in EA. Their Application Control has 4900 apps defined locally and 300K in the cloud. Combined with education these are very effective tools.

Perhaps I just have a bad attitude, but I'm imagining a ship with a great jagged hole below the water line and a very high output bilge pump that's almost but not quite keeping up with the flooding.
The ship doesn't sink -immediately-, and hey that is a pretty impressive pump. But I'm not sure that I'd say that the pump is a very effective tool, because the task I'm actually concerned with isn't---or, I would argue shouldn't be---pumping water out, which the pump does quite well, but rather with keeping the ship seaworthy by keeping the water from getting in in the first place, and the pump doesn't do that at all.

I'm not trying to badmouth Checkpoint here. I'm sure their product is wonderful for what it is. But I find it distressing how comfortable we've become with living with network architectures that are perpetually in a state of failure. That are designed failed.

You speak in glowing words of the monumental efforts expended by Checkpoint. But while I can admire all that hard work, when I see a system that -needs- this sort of heroic effort -on an ongoing basis- just to continue functioning, I see a system that is fundamentally broken.

-spb

--
Kyle Creyts
Information Assurance Professional
BSidesDetroit Organizer

_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards