RE: Castles and Security (fwd)

[Bill_Royds () pch gc ca]

This is a perfect rational for extreme gun comtrol laws. If there is a law that
says possesion of a handgun is illegal, then anyone who posseses a handgun is de
facto breaking the law and one does not have to wait for its use to take action
against that person.
Although criminals would still have guns, they could be charged with possession
of weapons upon discovery without proving any other act.  Is the risk to
personal freedom by this kind of law less than the gain in public safety? We ban
possesion of relatively hamless drugs becuase of fear of progression to use of
harder ones. Should we ban any guns to prevent use of rocket launchers.  Marcus
would probably would probably say no. But other countries have werighed this
balance differently and come to different conclusions
   With regards to networks, the risk by blocking all the possible network tools
and the ease of inventing new ones means that it would be a very difficult task
to ban "hacking tools" or even define them well enough to enumerate them.  The
way to defend from their use is to limit the vulnerability of the targets. One
of those ways is armour on the target itself (hardening and personal firewalls).
The other is to armour the house, neighbourhood and village. A castle was often
only a good defense if it controlled a route. It may have been an object of an
attack but not an object of a war. The war was to capture resources and
territory and eventually the kingdom.
   Proper designs of castles and firewalls   are tactics. Proper design of
networks and server farms is strategy. Wars are won by good strategies that lead
to good tactics..







"Marcus J. Ranum" <mjr () nfr com> on 01/04/2001 02:26:32 PM
                                                              
                                                              
                                                              
 To:      "daN." <dan () nesmail com>, "Stiennon,Richard"        
          <richard.stiennon () gartner com>,                     
          twaszak () Telenisus com, Juergen.Nieveler () arxes de,   
          lance () spitzner net, firewall-wizards () nfr com        
                                                              
 cc:      (bcc: Bill Royds/HullOttawa/PCH/CA)                 
                                                              
                                                              
                                                              
 Subject: RE: [fw-wiz] Castles and Security (fwd)             
                                                              





daN. wrote:
> There is no point in making a rule if you cannot punish those who break it.

That's actually not true!!!

If you make a rule, it defines clearly the lines between honest and dishonest
behavior. This serves to separate the players into 2 clear camps, instead of a
single big grey zone.

My friends at L0pht convinced me very effectively that the purpose of locks is
to keep _honest_ people honest. It's actually useful as such because then
you know that if someone goes through a locked door they are either authorized
or a bad guy. Sure, someone can claim "I just rattled the knob and the door was
already unlocked" but that only goes a short distance or nowhere depending on
the lock system used. Honest people take one look at a locked door and
rightly conclude "I'm not supposed to go through there" and go away. And if
you see someone trying to pick your lock, you know he's up to no good and
can deal with them differently. Basically, rules, locks, etc, serve to force the
bad guys to clearly identify as suck, which makes them targets.

I keep coming back to this issue of improving targeting and it seems like
lots of people don't "get it" - I'm worried that I'm not communicating
effectively,
or something. Am I being obscure?






_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards