Firewall Wizards mailing list archives
Re: Castles and Security (fwd)
From: George Capehart <capegeo () opengroup org>
Date: Fri, 05 Jan 2001 09:53:13 -0500
(To avoid a growing CC: list, I'm just sending this to fw-wiz)

Bill_Royds () pch gc ca wrote:

<snip great discussion of what happens when one attempts to turn a problem of multiple analog dimensions into one of one dimension that has only two values.>

This has been a *great* thread. It's threads like this that I wish everyone who is concerned with security issues could have access to. I've lurked on this list (and others) for just such an opportunity. I take a holistic approach to security so I need to understand what's going on in as many different areas as I have time to devote.

Things got started when Lance Spitzner asked about how reasonable it is to use a castle as an analogy for describing the issues with which one deals in network security. There was a good exchange around that along with side trips into the European Theater of WWII and the attempt at making a distinction between guerillas and terrorists. (I think it depends upon whether the speaker is the attacker or the attackee). ;-> There was also Marcus' subthread on the idea of legislating the definition of good guy and bad guy. (Prohibition comes to mind here . . . as does the effect of the Harrison Narcotic Act of 1924. Before that, Cokes were *really* cokes . . . now they have to use caffeine . . .)

To me, the most interesting aspect of the thread has been the acknowledgment (once again) that it is impossible to defend against truly determined adversaries but that Defense in depth is a Good Thing (TM) and is usually necessary. Seems to me that we're back to the economics of security . . . defenders rarely spend more to defend a target than it is worth to them and attackers spend as much on an attack as they're willing to pay. So that leaves us, IMHO, in the position of needing to know the enemy (cf. The Art of War, Sun Tzu) and then, given that understanding, define the risk to be managed and the strategy and tactics for managing it (cf. Secrets & Lies, Bruce Schneier).

My $0.02.

--
George W. Capehart
phone: +1 (704) 277-4561
fax: +1 (704) 853-2624

"I'd rather have a bottle in front of me than a frontal lobotomy." Anonymous

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards