Firewall Wizards mailing list archives

Re: Apology - not necessary


From: "Paul D. Robertson" <proberts () clark net>
Date: Thu, 1 Oct 1998 09:35:21 -0400 (EDT)

On Wed, 30 Sep 1998, Stephen P. Berry wrote:

> A reasonably informed paranoid person would realise that if past
> behaviour is a good metric for estimating future behaviour, then a
> person or organisation has far greater risk of being covertly monitored
> by their own government than a foreign one.  Should we then avoid
> security products developed in our own nation?

Of course, your predicate doesn't always bear fruit because in INFOSEC, 
it isn't always the *gaining* of information that does the damage, it's the 
*use* of that information.  I've yet to see, for instance, the USG (whom 
we all know has a history of monitoring things covertly) be accused of 
handing information gleaned from monitoring of a company directly to a 
competitor.  In fact, in this alt.conspiracy-like world, it doesn't even 
come up as a fanciful conspiracy with made-up codewords on a regular basis.
"F00F bug leaked to AMD by NSA analysts causes drop in Intel stock 
price, sources learned today that as a part of project MUHAHAHAHA..."  

Corporate espionage isn't linked to state espionage everywhere; where 
it is, there's good reason to be careful.  If someone goes on a murdering 
rampage, serves time, then goes on another murdering rampage, is it 
prudent to let them out again?  

> Beyond that, that same reasonably informed paranoid person would probably
> come to the conclusion that background checks for and daily body searches
> of the custodial staff would do more to thwart any possible Mossad
> surveillance efforts than not using Firewall1 would.

1. We don't install Sendmail V3 just because BIND may have holes.

2. It's much, much more expensive to co-opt the cleaning staff at 10,000 
companies than to co-opt a product used at 10,000 companies.

3. Few companies I've seen let the cleaning staff have unescorted access to 
the machine room.

4. The cost (economic and political) of searching staff is ongoing.  The 
cost of choosing a different firewall (which hopefully is on a list of 
several potential candidates) is rather minor.

> And if any of the above scenarios are a serious concern, the reasonably
> informed paranoid person probably wouldn't be using a commercial firewall
> in any case.

That's not true at all.  Despite the rise in corporate espionage in 
recent times, reasonably informed paranoids don't make all of the purchasing 
and support decisions in large corporations.

> Further, our reasonably informed paranoid person would probably avoid
> developing and implementing a security infrastructure in which a single
> point of failure would result in overall compromise of the entire
> enterprise[1].  If your firewall actually -had- an Israeli backdoor,

I'm not sure it takes overall compromise to be a terribly bad thing.  
Traditional firewall implementation models don't account well for certain 
firewall backdoors.  It's a complete and utter pain to get inside 
screening routers implemented in a lot of places *and* with a packet 
filtering firewall, they're nowhere near as effective as with a proxy, 
since packets are sourced from anywhere on the planet.  Obviously, the 
case for an inside screen is the same when it comes to firewall bugs or 
backdoors, but overall the cost/benefit for a packet filter is much less, 
since you can't effectively filter traffic traversing the borders from 
everywhere in existence.

> pragmatically what impact would that have on your business?  Would you
> find out about it if it was used?

It's reasonable to look under cars to check for bombs (been there, done that),
and it works enough of the time, is quick enough, and gives enough of a 
comfort level that a 3rd party hasn't booby-trapped a trusted party's vehicle.
When the threat level goes up, it's reasonable to look under hoods, in trunks,
backseats, etc (been there, done that too).  

In traditional security, the threat level is normally easy to gauge, but 
that's with a fully functioning intelligence arm, agents, snooping, and all 
that.  Impact is directly tied to both inherent security (eg. no vehicles on 
post) and measures used to increase inherent security (eg. now we check all 
the engine compartments since we didn't stop POVs from coming on post with our
initial policy).  In Internet security, we haven't a good way to build 
threat models except in the most obvious of circumstances.  We generally 
don't have a way to escalate the threat condition anyway.  Therefore, 
the initial policies and implementation are even more important. 

Having just lost the "don't put the parking lot anywhere near the 
building" argument (What do those IS folks know? - the architect has made 
lots of buildings and this design is pretty!), I can tell you for sure that 
I'd have a serious problem buying automatic access equipment from 
"Bin-Laden's garage door company."

Your Paranoia May Vary.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


