Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Castles and Security (fwd)

From: "Harris, Tim" <tharris () ocair com>
Date: Wed, 3 Jan 2001 17:25:22 -0800 
I rather like the analogy of the castle so long as you don't
try to stretch it too far.  Remember that a castle has two primary
modes of operation (with lots of gray in between), open and closed.
In the closed mode a castle is quite good at keeping out spies.

We operate in a restricted mode where access is limited.  The moat
and the wall funnel most people onto the drawbridge where I can do
at least a cursory examination.  I still need to have a patrol on the
wall looking for the more creative intruders.

In the meantime, for every defense I can dream up there is an effective
attack that will overcome any defense.  I have to try to find a level
of security thatwill stop most intruders while still allowing business
to occur.  I have to decide if I am building a public park with a few
policemen on horseback or am I building a nuclear bomb shelter.

Getting back to the original point, I think that the castle analogy
is great because it is something I can use to explain the concepts
to less knowledgable people.

The terrorist analogy breaks down because the terrorist still has to
attack, at least initially, from the outside.  The classical Trojan horse
DID come through the front gate.  We have to be vigilant and be suspicious
of that giant wooden rabbit.  Once any attacker breaches the outer wall
whether by brute force or stealth, we need to have internal defenses
to try to contain the invader.

Maybe we should try watertight screen doors on submarines... :)

-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
Sent: Wednesday, January 03, 2001 3:45 PM
To: mjr () nfr com
Cc: richard.stiennon () gartner com; twaszak () Telenisus com;
Juergen.Nieveler () arxes de; lance () spitzner net; firewall-wizards () nfr com
Subject: Re: [fw-wiz] Castles and Security (fwd)



Thinking about the "Castles and Security" title, I'm inclined to believe
that they don't make such a good analogy.  A castle's purpose is, when it
boils down to it, to protect the ruler and/or their riches.  There might
be some amount of secret stuff too, but that's usually of lesser importance
and gaining that material is usually in the realm of spying, not warfare.
If you are thinking that a firewall is like a castle, then maybe a spy is
more akin to your real enemy than an army (or terrorist).  How good are
castles at keeping out spies ? ...

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: