Re: A fun smackdown...

[Devdas Bhagat <devdas () dvb homelinux org>]

On 20/05/05 11:55 -0400, Chuck Swiger wrote:
<snip>
> I find this definition to be self-consistent, but lacking, and would argue
> that security consists of more than just being able to deny stuff really well.
>
> Rule #1: Figure out what you are protecting.
> Rule #2: Figure out what you are protecting against.

Rule #1: Figure out what you are protecting.
Rule #2: Determine who should have access to it, how, when and where.
Rule #3: Deny everything else.

Note the subtle difference.

> This includes risk of disclosure, risk of unauthorized access/modification, 
> loss of data, and loss of service availability, etc.
>
> > Soon after the firewall idea was made known, and after people who
> > weren't clear on the balance of security and utility started getting
> > hold of it, Marcus Ranum introduced his Ultimately Secure Firewall -
> > which does indeed disallow all network traffic.
> >
> > <URL: http://www.ranum.com/security/computer_security/papers/a1-firewall/>
>
> Heh...I've passed on two or three times where I wanted to bring up Marcus' 
> wirecutters.  :-)
>
> But I think the fact that people are buying expensive 1U firewall boxes from 
> vendors rather than making Marcus rich from setting wirecutters proves my
> point 

And quite a few of us have the view that those 1U boxes are simply not
being used properly to deny enough traffic. See the common reasons for 
being listed on the CBL.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards