Firewall Wizards mailing list archives
RE: A little paranoia for the weekend...
From: Paul Robertson <proberts () patriot net>
Date: Tue, 29 Jul 2003 17:43:10 -0400 (EDT)
On Tue, 29 Jul 2003, Behm, Jeffrey L. wrote:
From the other side of the coin:But if the credential is lost, isn't the data history as well?
Generally, yes, however it's not always the case. If, for instance, I time and trip limit remote access to a resource, then the credential's lifetime is limited. It always concerns me when we look at point solutions instead of solving classes of problems- and this is classic- from the technologist's standpoint, limiting the credential is most of the point. Very few technologists (and yes, I'm overgeneralizing) deal with trade secrets, business secrets, etc. I'm a lot like Arkady, my data isn't always all that important, so fixing the credential problem makes sense. But when that solution gets rolled out to the general user population, we get a threat and protection mismatch. Like with SSL, we're focusing on the wrong part of the problem- moving the encrypted data down to a trusted host (like the cellular phone cited) is a good solution, and fixes the issue in a much more effective manner (assuming a lot of prerequisites, but hey...) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- A little paranoia for the weekend... Josh Welch (Jul 25)
- Re: A little paranoia for the weekend... ark (Jul 29)
- Re: A little paranoia for the weekend... Paul Robertson (Jul 29)
- RE: A little paranoia for the weekend... Josh Welch (Jul 29)
- RE: A little paranoia for the weekend... Paul Robertson (Jul 29)
- Re: A little paranoia for the weekend... ark (Jul 29)
- Re: A little paranoia for the weekend... Paul Robertson (Jul 29)
- Re: A little paranoia for the weekend... ark (Jul 29)
- <Possible follow-ups>
- RE: A little paranoia for the weekend... Behm, Jeffrey L. (Jul 29)
- RE: A little paranoia for the weekend... Paul Robertson (Jul 29)
- Re: A little paranoia for the weekend... Joseph Steinberg (Jul 29)
- RE: A little paranoia for the weekend... Ben Nagy (Jul 30)