Firewall Wizards mailing list archives
Re: Apology - not necessary
From: "Paul D. Robertson" <proberts () clark net>
Date: Thu, 1 Oct 1998 09:35:21 -0400 (EDT)
On Wed, 30 Sep 1998, Stephen P. Berry wrote:
A reasonably informed paranoid person would realise that if past behaviour is a good metric for estimating future behaviour, then a person or organisation has far greater risk of being covertly monitored by their own government than a foreign one. Should we then avoid security products developed in our own nation?
Of course, your predicate doesn't always bear fruit because in INFOSEC, it isn't always the *gaining* of information that does the damage, it's the *use* of that information. I've yet to see, for instance, the USG (whom we all know has a history of monitoring things covertly) be accused of handing information gleaned from monitoring or a company directly to a competitor. In fact, in this alt.conspiracy-like world, it doesn't even come up as a fanciful conspiracy with made-up codewords on a regular basis. "F00F bug leaked to AMD by NSA analysts causes drop in Intel stock price, sources learned today that as a part of project MUHAHAHAHA..." Corporate espionage isn't linked to state espionage everywhere; where it is, there's good reason to be careful. If someone goes on a murdering rampage, serves time, then goes on another murdering rampage, is it prudent to let them out again?
Beyond that, that same reasonably informed paranoid person would probably come to the conclusion that background checks for and daily body searches of the custodial staff would do more to thwart any possible Mossad surveillance efforts than not using Firewall1 would.
1. We don't install Sendmail V3 just because BIND may have holes.
2. It's much, much more expensive to co-opt the cleaning staff at 10,000 companies than to co-opt a product used at 10,000 companies.
3. Few companies I've seen let the cleaning staff have unescorted access to the machine room.
4. The cost (economic and political) of searching staff is ongoing. The cost of choosing a different firewall (which hopefully is on a list of several potential candidates) is rather minor.
And if any of the above scenarios are a serious concern, the reasonably informed paranoid person probably wouldn't be using a commercial firewall in any case.
That's not true at all. Despite the rise in corporate espionage in recent times, reasonably informed paranoids don't make all of the purchasing and support decisions in large corporations.
Further, our reasonably informed paranoid person would probably avoid developing and implementing a security infrastructure in which a single point of failure would result in overall compromise of the entire enterprise[1]. If your firewall actually -had- an Israeli backdoor,
I'm not sure it takes overall compromise to be a terribly bad thing. Traditional firewall implementation models don't account well for certain firewall backdoors. It's a complete and utter pain to get inside screening routers implemented in a lot of places *and* with a packet filtering firewall, they're nowhere near as effective as with a proxy, since packets are sourced from anywhere on the planet. Obviously, the case for an inside screen is the same when it comes to firewall bugs or backdoors, but overall the cost/benefit for a packet filter is much less, since you can't effectively filter traffic traversing the borders from everywhere in existence.
pragmatically what impact would that have on your business? Would you find out about it if it was used?
It's reasonable to look under cars to check for bombs (been there, done that), and it works enough of the time, is quick enough, and gives enough of a comfort level that a 3rd party hasn't booby-trapped a trusted party's vehicle. When the threat level goes up, it's reasonable to look under hoods, in trunks, backseats, etc (been there, done that too). In traditional security, the threat level is normally easy to gauge, but that's with a fully functioning intelligence arm, agents, snooping, and all that. Impact is directly tied to both inherent security (eg. no vehicles on post) and measures used to increase inherent security (eg. now we check all the engine compartments since we didn't stop POVs from coming on post with our initial policy).

In Internet security, we haven't a good way to build threat models except in the most obvious of circumstances. We generally don't have a way to escalate the threat condition anyway. Therefore, the initial policies and implementation are even more important.

Having just lost the "don't put the parking lot anywhere near the building" argument (What do those IS folks know? - the architect has made lots of buildings and this design is pretty!), I can tell you for sure that I'd have a serious problem buying automatic access equipment from "Bin-Laden's garage door company."

Your Paranoia May Vary.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net   which may have no basis whatsoever in fact."
                                                                     PSB#9280