Firewall Wizards mailing list archives
Re: Castles and Security (fwd)
From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 4 Jan 2001 14:08:54 +1100 (EST)
In some email I received from Harris, Tim, sie wrote:
> I rather like the analogy of the castle so long as you don't try to stretch it too far. Remember that a castle has two primary modes of operation (with lots of gray in between), open and closed. In the closed mode a castle is quite good at keeping out spies.
Sounds to me like you're confusing a castle with a door.
> We operate in a restricted mode where access is limited. The moat and the wall funnel most people onto the drawbridge where I can do at least a cursory examination. I still need to have a patrol on the wall looking for the more creative intruders.
There are many castles without moats...many indeed. Not to mention your patrol may not _see_ the more creative intruders.

Still, I don't think it's a great analogy. Their raison d'etre is quite different. There may also be a certain amount of confusion here between "castles" and "walled cities". Two quite different beasts.

The biggest problem I have with the castle concept is that I can take over everything else which those within the castle claim to rule and just lay siege to the castle. The land and all the bounty therein (excluding that within the castle) is mine. Whether or not I can get into the castle makes no difference and is just a game of patience: who can last longer, those outside trying to get in or those inside (who are going to need input from the outside sooner or later). DDoS attacks don't even come close to a siege, IMHO, thank god.

Likewise, if we take it to mean it's protecting a personage, sooner or later they are going to venture outside the castle walls and thereupon lose protection of its walls. You typically don't take your data out from behind your firewall for a "walk on the 'net" ... well, maybe mobile workers are somewhat analogous here...

Defence in depth is good, but you don't need castles to teach you that. Any military base should be a good example, especially those that have some sort of "public area" on them.

Darren