Firewall Wizards mailing list archives
Re: Worms, Air Gaps and Responsibility
From: "Paul D. Robertson" <paul () compuwar net>
Date: Fri, 7 May 2004 08:28:46 -0400 (EDT)
On Thu, 6 May 2004, Crispin Cowan wrote:
Paul D. Robertson wrote:With all the money spent on "security" solutions that aren't as effective as "don't connect"- how many companies even look at their user population risk profiles and architect for it? Not connecting is *really* cheap and *really* effective.Really effective I'll believe (it definitely is secure) but really cheap I will challenge. IT facilities like e-mail and web do a lot to reduce operational costs. If you declare everyone's workstation to be "production" and disconnect them from the Internet then you may end up deploying a second set of workstations for Internet access, and that is not cheap.
Generally, (there's been enough about the financial services exception) most workstations aren't "production," so using military grade disconnection (you know, pull out that cable between the switches or to the router between the switches ;) ) to separate things which are mission critical from things which aren't works quite well. I happen to think it's about as effective to dual-home some stable machines, like e-mail gateways for the necessary intercommunication- but the slower maintenance and change cycle on the production side should cover the costs of what little overlap you have to purchase equipment-wise (yes, if your machine budget still comes from capital, operations are out of the expense budget, a bean counter has to balance the numbers somewhere.) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Worms, Air Gaps and Responsibility, (continued)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 10)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- Re: Worms, Air Gaps and Responsibility Mason Schmitt (May 10)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 10)
- Re: Worms, Air Gaps and Responsibility Mason Schmitt (May 10)
- Re: Worms, Air Gaps and Responsibility David Lang (May 10)
- Re: Worms, Air Gaps and Responsibility George Capehart (May 07)
- RE: Worms, Air Gaps and Responsibility Marcus J. Ranum (May 06)
- Re: Worms, Air Gaps and Responsibility Crispin Cowan (May 07)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 07)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 07)
- Re: Worms, Air Gaps and Responsibility Paul D. Robertson (May 07)
- Re: Worms, Air Gaps and Responsibility Bennett Todd (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)
- Re: Worms, Air Gaps and Responsibility Gwendolynn ferch Elydyr (May 07)
- Re: Worms, Air Gaps and Responsibility Devdas Bhagat (May 07)