Firewall Wizards mailing list archives
RE: Intrusion Detection
From: Russ <Russ.Cooper () rc on ca>
Date: Fri, 17 Apr 1998 19:04:02 -0400
In many ways it would be nice to have some universal sort of way to explain policy to devices, but in doing so machine misinterpretation of that policy might distribute errors to multiple devices.
Well, there are pros and cons here. I might prefer to have the same error throughout my environment rather than having the potential to create errors in numerous independent implementations. If I misconfigure and open a hole, I do so everywhere using a common policy deployment. If I don't, I multiply the times of opportunity to introduce a hole (each configuration introduces another opportunity), and reduce the possibility of discovering it myself (because I have to audit numerous implementations).
I'm far from saying that I have even a really strong clue how to deal with this in a clean way, but too tight a coupling could lead to a serious problem, as I see it.
Well, I won't argue your "serious problem", but maybe we need to define serious better. I would end up with a more "wide-scale problem" using mass policy deployment. That could possibly lead to an increased opportunity for exploit. On the other hand, if I only have to monitor a single policy configuration method, I might be able to do a better job of it. For example, instead of having to have a Firewall Administrator at every site, I might be able to take half as many bodies and place them in a central Firewall Operations Center (FOC), and then use an approval policy that has configuration changes signed off by multiple individuals. If the process is automated, then the same theories apply to the process that modifies how the AI deals with things.
Cheers,
Russ Cooper
R.C. Consulting, Inc. - NT/Internet Security
Moderator of the NTBugtraq mailing list
http://www.ntbugtraq.com