Firewall Wizards mailing list archives
Re: Ok, so now we have a firewall, we're safe, right?
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 31 May 2005 20:09:28 -0400 (EDT)
On Tue, 31 May 2005, Marcus J. Ranum wrote:
> Paul D. Robertson wrote:
> > But you almost have to use the events to sell your approach. Done well, that's how you get buy-in for a security program
>
> No, I think we need to start taking the high road. Security

That just gets you uninvited to all the "real meetings" in my experience- and I bet you've been not invited to more meetings than I wasn't invited to! ;)

> practitioners have been too busy arguing about the color locks on the barn doors* and trying to argue from a position of weakness. It's stupid. It's not working. We need to just be telling these CTOs: "*Laugh* You Fscking MORON. If you had half of the IQ of my horse P-nut you'd have had one of your minions draw up a plan for securing wireless *BEFORE* you
Ah, but then we go back to the "make the vendors liable for selling that crap." Neither approach seems to work. I was talking to a friend today who related a recent tale of a happy homemaker who got an unscheduled visit from a group of folks wearing badges and waving guns at 6am one morning. The new guests asked the resident (who was probably shocked to get so many visitors so early, and who wasn't prepared for company) if they had wireless access and got "No! Never used it!" as an answer. Turns out that the resident's telco gave them a wireless/wired DSL router when they were provided with DSL service. They plugged their computer in to the wired port, DSL worked and they were happy until 6am a few days ago. Suddenly their satisfaction with DSL dropped. Now, this person obviously wasn't that technically savvy, and didn't realize that someone else was using their DSL connection to do Very Bad Things. Probably they were a CTO or Salesweasel. I think it's probably unreasonable[1] to expect the general consumer to understand the nuances of 802.11b/g being added to a DSL router that's sent to them by their provider, and I think in this case, I'd advocate a nice little lawyerfest aimed squarely at said provider. Now there's a difference between intentionally fielding wireless and unintentionally fielding it- and between a CTO and not-a-CTO, but the end result seems to be about the same, and it was time for a story anyway.
> They're sensitive to ridicule and abuse. They're impervious to clues.
They tend to think the same of us ;) The issue with taking the high road is that the target has to know it's the high road. I've found taking published events such as the one I've pointed out very helpful in building a case for having a road at all, high or low. It turns out that CTOs seem to spend more effort on things they can use to ridicule their other CTO buddies at golf games- "Sure, we blocked EXE files after that Israeli thing- only someone as bad off as you would both end up in a sand trap *and* have a salesweasel infect your network" is much more effective than "that firewall guy's laughing at me again!"

Paul

[1] Though gravely saddened by the general lack of interest in gaining clue that comes from most of the population, I understand that if they knew stuff they'd be even MORE dangerous.

-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards