Re: Ok, so now we have a firewall, we're safe, right?

[Chris Blask <chris () blask org>]

Hey Carson!

At 09:48 PM 5/30/2005, Carson Gaspar wrote:
> --On Monday, May 30, 2005 12:18:05 PM -0400 "Paul D. Robertson" 
> <paul () compuwar net> wrote:
>
> > If ever there were a wakeup call for people to start analyzing their
> > firewall logs, this is it-  nobody at any of the companies involved
> > figured this out due to firewall logs, an author figured it out because
> > their unpublished book was leaking.
>
> Huh? Their firewalls allowed executable attachments to be delivered from 
> unknown sources to people uneducated enough to click on them. Said 
> firewalls failed. Examining the logs may have alerted them sooner, but 
> that's closing the barn door long after the horses have escaped and 
> trampled the children.

Well, it depends.

Finding the horses loose in the yard, shutting the gate and getting them 
back in their stalls may occur while causing nothing worse than some 
property damage and a vet bill.  Not *noticing* that the horses have gotten 
out, destroyed the foundation of the ranch house and killed the children 
until someone mentions they haven't seen them in school for three 
months  -  that's a measurably worse outcome.

The data and operational ability is there to give visibility into network 
activity - it's just a Very Large Numbers problem (but so are Large Primes, 
and we just keep building bigger gear to handle it).  Products exist to do 
this today, just not many people are using them yet.

That sort of capability doesn't solve all the world's problems, but it 
makes a lot of things clearer.

-cheers!

-chris


Chris Blask
chris () blask org
http://blaskworks.blogspot.com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards