Firewall Wizards mailing list archives

Re: Worms, Air Gaps and Responsibility


From: Frank Knobbe <frank () knobbe us>
Date: Tue, 18 May 2004 11:34:54 -0500

On Tue, 2004-05-18 at 10:02, Adam Shostack wrote:
> I think the issue is insecure systems that remain insecure.  You get
> the same behavior from backups restoring viruses.  So the issue is not
> a firewall issue, but a network design & upgrade issue--how do you
> flow changes in such a way that you're not breaking things?

Adam,

no question about that. I think virus outbreaks should be remedied in
such a way that your internal systems are immune to it. In other words,
fix it so that you are sure and not afraid of letting the virus/worm
loose on the inside again, knowing that it won't cause harm anymore.
It's not enough to get the worm out and keep it from coming back in.

But this thread started with the idea of using "air gaps" as a measure
to prevent infection. Perhaps that shows that we tend to first run to
the perimeter in order to secure our networks instead of aiming for the
real issue (host vulnerability). No doubt that perimeter defenses can
buy you time, but it is not the proper way to guarantee systems safety.
Immunization has to occur on the hosts.

If I could remember the phrase about curing the cause, but not the
disease, I would properly place it here. :)

Cheers,
Frank
