Firewall Wizards mailing list archives
RE: Worms, Air Gaps and Responsibility
From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Tue, 18 May 2004 15:24:54 -0400
At 12:34 PM 5/18/2004 -0400, Gwendolynn ferch Elydyr wrote:
> On Tue, 18 May 2004, Dana Nowell wrote:
> > the nightmare. Is that today, no. Is that within say 5 years, possibly. Show me YOUR plans for firewall protection of bluetooth, wireless USB, and similar connections (yes some stuff is/can be built in by design but buffer overflows and other exploits can be built in by accident;).
>
> Isn't that what this discussion started out with? Whether we're talking about wired or wireless devices, the concept of an "air gap" [namely a complete lack of connectivity between devices] remains valid.
Yeah, I've drifted around to the beginning; sorry, juggling too many things this week. I originally disliked Paul's example. Then, having been sucked into the discussion I tried to avoid, I tried (poorly) to make a point about short term vs. long term environments. The short term (usually less technical) guys (home users, small business, etc.) are unlikely to take the time or have the knowledge to analyse the proper 'air gaps', especially when it includes things like cell phones and PDAs which are not thought of as 'part of the network'. Additionally, they are less likely to approve expenditures for security devices that they can't justify simply because some security paper says so. So this discussion is wonderful for people/companies with full-time staff and reasonable budgets dedicated to security. For the five-man office with the secretary in charge of the network, it is less than useful. I'm willing to bet that the bulk of the network connections (specifically the more insecure parts of the Internet) fall into the short term bucket, especially with home use.

Premise: these networks/hosts will be compromised, as air gaps are unlikely to be implemented and new technology-connected devices will flourish; that creates a lot of places for bugs to breed.

Premise: devices are moving toward interconnectivity via Infrared, Bluetooth, WiFi, 802.11, and other technologies. Direct peer-to-peer connectivity between these devices is coming, and one day 'soon' walking down the street with one in your pocket will cause tens or hundreds of connections to be attempted/created/broken, with all the inherent risks.

Premise: security typically lags functionality as new technology rolls out (palms get synced to desktops before security knows a palm is in the building in most companies).

Conclusion: Air gaps will not solve the problem, as large breeding grounds, device connectivity, and security lag will allow networks to be compromised. At best air gaps are another stop-gap measure, which is certainly better than nothing, but not much.

Whine: The security professionals in the Internet community need to take a longer view. Until we 'solve' the problem for the average guy playing a short term game (or at least greatly reduce his risk) we can't really solve the issue in our own networks; we can only play technology catch-up. We need to be involved, either via this list or another mechanism, in helping set device/protocol 'best practices' and beating vendors about the head until they do it, so security is designed in rather than cobbled on. We need to concentrate on how we solve the political/corporate/vendor issue and not the technical issue, because the technical issue isn't soluble (not that the political issue is, but we might get more bang for the effort buck). Basically I'm damned tired of fighting the same war and upgrading from a rock to a knife to a dagger to a sword to a flintlock to a ... So air gaps are nice, but in the long run it's just another musket, one that will be circumvented by targeting devices difficult to air gap (PDAs syncing to desktop?).

Before you ask, no I don't have a plan. Like most in a small company I spend 95% of my day digging a deeper foxhole and looking over the latest in flintlock design. We have a lot of bright people here and we ought to be using those IQ points for the long term instead of designing today's Mark XII network rock.

OK, read it twice, and think I finally am clear (at least to me :-).

--
Dana Nowell
Cornerstone Software Inc.
Voice: 603-595-7480 Fax: 603-882-7313
email: DanaNowell_at_CornerstoneSoftware.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards