Firewall Wizards mailing list archives
Re: Vulnerability Response (was: BGP TCP RST Attacks)
From: George Capehart <capegeo () opengroup org>
Date: Thu, 3 Jun 2004 09:35:46 -0400
On Wednesday 02 June 2004 01:58 pm, David Lang wrote:
> On Wed, 2 Jun 2004, George Capehart wrote:
> > The cost of risk is very important.
> > Hear, hear!
>
> unfortunately this is much easier to say than to define, especially when you have disagreements between departments over the likelihood of something being exploited: "Vendor BIDNAME says that their equipment that will span 5 networks is perfectly safe and can't possibly be compromised because they don't run an OS" from the folks who want to install something vs the security department's view of the same hardware "these are x86 based nodes plugged into every network with an ethernet backplane between them, they are a very high risk", let alone the more subtle issues of how expensive the risk is to open one more port through a firewall.
I certainly agree that sometimes it is hard to quantify risk to two decimal places. But not all risk assessment schemes require that. With respect to disagreements among departments over the likelihood of an exploit, that is a non-problem. If the organization's management style is to achieve consensus, lock 'em all in a room and don't let them out until they come to agreement. If the organization's management style is by decree, decree it.

Bottom line: either risk is managed or it's not. A functioning risk management process has the mechanisms it needs in place to ensure that risks are identified and managed. If those mechanisms are not in place, the organization is not managing its risk . . .

Cheers,

/g

--
George Capehart
capegeo at opengroup dot org
PGP Key ID: 0x63F0F642 available on most public key servers
"It is always possible to agglutinate multiple separate problems into a single complex interdependent solution. In most cases this is a bad idea." -- RFC 1925

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Frederick M Avolio (Jun 01)
- <Possible follow-ups>
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Devdas Bhagat (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) George Capehart (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) George Capehart (Jun 02)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) David Lang (Jun 02)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) George Capehart (Jun 03)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 03)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Gwendolynn ferch Elydyr (Jun 03)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 03)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Ben Nagy (Jun 04)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 04)
- Re: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Marcus J. Ranum (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Ben Nagy (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Marcus J. Ranum (Jun 01)
- RE: Vulnerability Response (was: BGP TCP RST Attacks) Paul D. Robertson (Jun 01)