Firewall Wizards mailing list archives
RE: Castles and Security (fwd)
From: "Harris, Tim" <tharris () ocair com>
Date: Wed, 3 Jan 2001 17:25:22 -0800
I rather like the analogy of the castle so long as you don't try to stretch it too far. Remember that a castle has two primary modes of operation (with lots of gray in between), open and closed. In the closed mode a castle is quite good at keeping out spies. We operate in a restricted mode where access is limited. The moat and the wall funnel most people onto the drawbridge where I can do at least a cursory examination. I still need to have a patrol on the wall looking for the more creative intruders. In the meantime, for every defense I can dream up there is an effective attack that will overcome any defense. I have to try to find a level of security thatwill stop most intruders while still allowing business to occur. I have to decide if I am building a public park with a few policemen on horseback or am I building a nuclear bomb shelter. Getting back to the original point, I think that the castle analogy is great because it is something I can use to explain the concepts to less knowledgable people. The terrorist analogy breaks down because the terrorist still has to attack, at least initially, from the outside. The classical Trojan horse DID come through the front gate. We have to be vigilant and be suspicious of that giant wooden rabbit. Once any attacker breaches the outer wall whether by brute force or stealth, we need to have internal defenses to try to contain the invader. Maybe we should try watertight screen doors on submarines... :) -----Original Message----- From: Darren Reed [mailto:darrenr () reed wattle id au] Sent: Wednesday, January 03, 2001 3:45 PM To: mjr () nfr com Cc: richard.stiennon () gartner com; twaszak () Telenisus com; Juergen.Nieveler () arxes de; lance () spitzner net; firewall-wizards () nfr com Subject: Re: [fw-wiz] Castles and Security (fwd) Thinking about the "Castles and Security" title, I'm inclined to believe that they don't make such a good analogy. A castle's purpose is, when it boils down to it, to protect the ruler and/or their riches. There might be some amount of secret stuff too, but that's usually of lesser importance and gaining that material is usually in the realm of spying, not warfare. If you are thinking that a firewall is like a castle, then maybe a spy is more akin to your real enemy than an army (or terrorist). How good are castles at keeping out spies ? ... Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Castles and Security (fwd), (continued)
- Re: Castles and Security (fwd) M.Schubert (Jan 04)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 03)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- Re: Castles and Security Title Randy Grimshaw (Jan 04)
- RE: Castles and Security (fwd) daN. (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 04)
- Re: Castles and Security (fwd) Neil Buckley (Jan 05)
- Re: Castles and Security (fwd) Adam Shostack (Jan 08)
- Targeting (was Castles and Security) Stephen P. Berry (Jan 08)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- RE: Castles and Security (fwd) Marcus J. Ranum (Jan 03)
- RE: Castles and Security (fwd) Harris, Tim (Jan 03)
- Re: Castles and Security (fwd) Darren Reed (Jan 03)
- RE: Castles and Security (fwd) Frank Knobbe (Jan 03)
- RE: Castles and Security (fwd) twaszak (Jan 04)
- Re: Castles and Security (fwd) jeradonah (Jan 04)
- RE: Castles and Security (fwd) Bill_Royds (Jan 04)
- Re: Castles and Security (fwd) George Capehart (Jan 05)
- Re: Castles and Security (fwd) Ryan Russell (Jan 08)
- Re: Castles and Security (fwd) George Capehart (Jan 08)
- Re: Castles and Security (fwd) George Capehart (Jan 05)