Firewall Wizards mailing list archives

Re: Cisco PIX bug, discussions (lengthy)


From: Travis Low <tlow () mindq com>
Date: Wed, 26 Aug 1998 09:34:30 -0400

At 09:58 AM 8/25/98 -0700, Ryan Russell wrote:

If I may also make a sweeping statement:

Performance isn't relevant to security applications.  I.e. you
can't say "it will hurt performance, so we'll leave out some
security."  If that were a consideration, we wouldn't use firewalls.
Realistically, that means that if it's too slow we buy bigger
boxes or suffer along at a slower pace.

End users don't like to suffer.  If performance is lousy, they will try to
circumvent security procedures in order to get Real Work done.  Thus,
security policy implementations need to take human impatience into account.
It follows that performance is relevant to security.

Real life example:  Company allows zero incoming TCP connections, so users
secretly buy and install modems.

Travis

--------------------------------------------------------------------
Travis Low                                          MindQ Publishing
tlow () mindq com                        11490 Commerce Park Drive #400
+1 703 262 6616 (vox)                       Reston VA 20191-1532 USA
+1 703 716 0237 (fax)                           http://www.mindq.com
--------------------------------------------------------------------
    "What are you eating?  Are you a rubbermint?" -- Tiernan Low


