Firewall Wizards mailing list archives

Re: Castles and Security (fwd)


From: Darren Reed <darrenr () reed wattle id au>
Date: Thu, 4 Jan 2001 14:08:54 +1100 (EST)

In some email I received from Harris, Tim, sie wrote:
I rather like the analogy of the castle so long as you don't
try to stretch it too far.  Remember that a castle has two primary
modes of operation (with lots of gray in between), open and closed.
In the closed mode a castle is quite good at keeping out spies.

Sounds to me like you're confusing a castle with a door.

We operate in a restricted mode where access is limited.  The moat
and the wall funnel most people onto the drawbridge where I can do
at least a cursory examination.  I still need to have a patrol on the
wall looking for the more creative intruders.

There are many castles without moats...many indeed.
Not to mention your patrol may not _see_ the more creative intruders.

Still, I don't think it's a great analogy.
Their raison d'etre is quite different.

There may also be a certain amount of confusion here between "castles"
and "walled cities".  Two quite different beasts.

The biggest problem I have with the castle concept is that I can take
over everything else which those within the castle claim to rule and
just lay siege to the castle.  The land and all the bounty therein
(excluding that within the castle) is mine.  Whether or not I can get
into the castle makes no difference and is just a game of patience:
who can last longer, those outside trying to get in or those inside
(who are going to need input from the outside sooner or later).  DDoS
attacks don't even come close to a siege, IMHO, thank god.

Likewise, if we take it to mean it's protecting a personage, sooner or
later they are going to venture outside the castle walls and thereupon
lose protection of its walls.  You typically don't take your data out
from behind your firewall for a "walk on the 'net" ... well, maybe mobile
workers are somewhat analogous here...

Defence in depth is good, but you don't need castles to teach you that.
Any military base should be a good example, especially those that have
some sort of "public area" on them.

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

