Full Disclosure mailing list archives
Re: CyberInsecurity: The cost of Monopoly
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 28 Sep 2003 21:21:37 +0200
On Sun, Sep 28, 2003 at 08:04:58PM +0200, Michal Zalewski wrote:
> I'd argue... many vendors (Okena aka Cisco, BlackICE aka ISS, etc) provide integrated corporation-wide mechanisms for enforcing group firewalling, access and logging/IDS policies on workstations or groups of workstations (and, why not, also servers).
I've looked at one or two such products, and if you leave some technological issues aside (I don't like it when both the original vendor and an ISV tamper with the TCP/IP stack, this could have unwanted consequences), they were rather nice, except for the prohibitive licensing model and the limited applicability in heterogeneous networks (i.e. more than just Windows 2000 and XP, and maybe Red Hat). It seems to me that this technology is not universally suited for pampering over administrative problems. For recovery purposes, I'd rather have control over the network traffic after it has left the host, so that it's easy to trace it back to the source and null route it.
> There are some ridiculously expensive "firewall switches" that are IP-aware and enable per-port separation and firewalling...
You can do this with any 802.1q-capable switch and a PC as a router. Peak performance sucks, but that's typically not a problem.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html