Firewall Wizards mailing list archives
Re: Worms, Air Gaps and Responsibility
From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Tue, 18 May 2004 12:06:44 -0400
At 11:02 AM 5/18/2004 -0400, Adam Shostack wrote:
> On Tue, May 18, 2004 at 09:29:01AM -0400, Dana Nowell wrote:
> | >Perhaps for viruses, but not for worms as these devices tend not to be
> | >permanently wired or reachable.
> | >
> |
> | Yup. So imagine a case where you have an internal worm/virus outbreak and
> | you clean up. Next day it is back, you scour your network and clean up
> | everything. Next day it's back, eventually you find some guy syncing his
> | Palm to his desktop or an intermittently connected wireless iPaq is the
> | root cause, chase that one down.
> |
> | As a general case, I'm whining about intermittently connected devices
> | having direct access to the internal network. We talk about all sorts of
> | restrictions on home PC connections, what about the 'next generation'
> | (based on roll-out not technology) wireless devices (bluetooth, WiFi,
> | 802.11)? Assume you have a PDA like device in your pocket and are walking
> | down the street. Guy with an infected phone walks past and BAM, welcome to
> | the nightmare. Is that today, no. Is that within say 5 years, possibly.
> | Show me YOUR plans for firewall protection of bluetooth, wireless USB, and
> | similar connections (yes some stuff is/can be built in by design but buffer
> | overflows and other exploits can be built in by accident;).
>
> I think the issue is insecure systems that remain insecure. You get the
> same behavior from backups restoring viruses. So the issue is not a
> firewall issue, but a network design & upgrade issue--how do you flow
> changes in such a way that you're not breaking things?
OK, I'll grant you, I was not clear. To some extent all reinfections fall in that bucket, but the reinfection is not the point, it's simply part of the example. The point is that devices drift in and out of networks and can become infected. The 'current' obvious/popular network design answer (AFAIK) for intermittent connectivity devices (laptops) is "oh, those devices are on a different segment and that segment is compartmentalized to limit exposure". My example was chosen to illustrate the point that it really doesn't work with PDAs and phones that get synced to the desktop or have 'other' wireless access to the internal network (bluetooth to a printer/scanner/other). Currently most people ignore them as no easy answer exists and the short term pain is below the threshold of action. Since they are ignored, it is unlikely that they would be examined as the potential source of the infection, and reinfection would/could result. Given potential wireless connectivity, the current 'but I only connect my PDA to this desktop so it's clean' excuse/exemption will not be valid forever.

So I guess my example was OK but my explanation was poor.

--
Dana Nowell
Cornerstone Software Inc.
Voice: 603-595-7480 Fax: 603-882-7313
email: DanaNowell_at_CornerstoneSoftware.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Worms, Air Gaps and Responsibility, (continued)
- RE: Worms, Air Gaps and Responsibility Claussen, Ken (May 12)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 12)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 13)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 17)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 17)
- RE: Worms, Air Gaps and Responsibility Frank Knobbe (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- Re: Worms, Air Gaps and Responsibility Adam Shostack (May 18)
- Re: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- Re: Worms, Air Gaps and Responsibility Frank Knobbe (May 18)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 18)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 18)
- RE: Worms, Air Gaps and Responsibility Dana Nowell (May 19)
- RE: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 19)
- Best Practices Paul D. Robertson (May 19)
- Re: Best Practices Dana Nowell (May 21)
- RE: Worms, Air Gaps and Responsibility Paul D. Robertson (May 13)
- RE: Worms, Air Gaps and Responsibility Claussen, Ken (May 12)