Security Basics mailing list archives
Re: IPTables Based Firewall Testing - apps
From: larsmith <larsmith () tds net>
Date: 19 Dec 2003 21:54:54 -0500
Alvin Oga stated "if your IDS detects a problem ... its too late .. game over ... - the cracker is inside .." For all it matters, I agree and disagree. We have a "rat trap" sort of policy which has worked effectively. So far, no breaches. We're sports minded and make sport of seeing how quickly we trip intruders up ... and who's trip-wire got him/her/it. While taking security seriously, we don't lose sleep over it and have found ways to ENJOY implementing various trip-wires along the way. We keep score. We keep the competition alive amongst ourselves. That way, we remain students, forever learning. Each of us has our respective hot-spots and methodologies which we are convinced are best and in which we have the most interest and, good sports that we are, we enjoy bringing what we continue to learn back to work to implement. Alvin also wrote "80% of security problems are usually from "management" and "misguided admin" that hasnt been thru the school of hard knocks yet and dhcp, wireless and laptops makes the problem 1000x more complex even though nobody does "real work" at home on their laptops "(in)secure home environment" and hotels and internet cafe" This is Security 101 ... as we all know ... and yet, sadly, we can't get management to so much as read the syllabus. Sigh. And I agree that if it wasn't for script kiddies and "wunna beez", InfoSec PenTesting would be much more expensive, laborious and frustrating. Years ago, I was taught by a wise man that if I wanted to become good at something ( like chess, tennis, etc. ) that I should always play against people that were better than me. When there's no chance of us being beaten, it ceases to be worth playing and we'll never get any better. If anything, we'll become slack and ineffective. Bring on the competition !! And pray that they're GOOD !! Allan --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: IPTables Based Firewall Testing - apps larsmith (Dec 22)