Firewall Wizards mailing list archives
Re: Firewalls Compared
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 02 Jul 2004 12:56:18 -0400
Devdas Bhagat wrote:
Which is just wrong. If this is valid, then we as a group need to stop and take a long look at what we are getting for our money. We *NEED* to make people^Wvendors understand that doing the "whack a mole" thing will not work.
You're absolutely right. Whack a mole does not work. The whack a mole approach is the inevitable result of the customer's fervent (but fruitless) desire to have their cake and eat it too - they want to do something that is basically dangerous but convenient. Whack a mole is the expression of the degree to which organizations are willing to expose themselves to risk. More profoundly, the fact that patch slapping and whack a mole are the accepted norm for security is THE indicator of how much organizations truly value being secure. Not very. "Being Secure" brings us back to default deny, tight policies, minimized services, etc, etc. "I told you so" in other words. ;) "Having one's cake and eating it too" brings us patch slapping, whack a mole, and signature-based intrusion prevention systems that try to shoot down new known vulnerabilities as fast as they are seen. I think that it's stupid, but, well, 150 billion flies can't all be wrong... mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Firewalls Compared George Capehart (Jul 01)
- Re: Firewalls Compared Devdas Bhagat (Jul 02)
- <Possible follow-ups>
- RE: Firewalls Compared Bill Royds (Jul 01)
- RE: Firewalls Compared Ben Nagy (Jul 01)
- RE: Firewalls Compared Paul D. Robertson (Jul 01)
- RE: Firewalls Compared Marcus J. Ranum (Jul 02)
- Re: Firewalls Compared Devdas Bhagat (Jul 02)
- Re: Firewalls Compared Marcus J. Ranum (Jul 02)
- RE: Firewalls Compared Marcus J. Ranum (Jul 02)
- RE: Firewalls Compared Paul D. Robertson (Jul 01)