Re: Castles and Security (fwd)

["Crist Clark" <crist.clark () globalstar com>]

"Marcus J. Ranum" wrote:
> > I don't think references to the fact that the Maginot Line
> > and Eben-Emael were dispatched so easily detract at all from the utility of
> > the castle analogy.
>
> Just a mention - the Maginot Line was quickly dispatched the _first_
> time. The second time (when Allied troops were heading into Germany)
> it was a formidable obstacle that cost a lot of effort to overcome. There
> was nothing wrong with the defenses, only with how the French manned them.
> Or, perhaps, there was nothing wrong with how the French manned them -
> it's just that there was something _more_ _right_ about how the Germans
> attacked them. A new form of rightness. This is also analogous to incidents
> I've seen where a perfectly good firewall was ineffective because it was installed
> "backwards" or otherwise wrong.

IIRC, Germany "dispatched" the Maginot line by pretty much going around
it; a little detour through Belgium. Bringing that maneuver back to some
IS analogies, one might draw parallels to something akin to avoiding a 
tough firewall/gateway by cutting through a less secure business partner's 
network which has direct connectivity to the net behind the barrier. Getting
past using a dial-up is a stretch and obviously the better Eben-Emael analogy.

(Or am I repeating where this thread started... It started o' so long ago.
Or at least it seems that way.)
-- 
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards