Firewall Wizards mailing list archives
Re: A fun smackdown...
From: Joseph S D Yao <jsdy () center osis gov>
Date: Fri, 20 May 2005 10:16:04 -0400
On Thu, May 19, 2005 at 09:57:42AM -0400, Chuck Swiger wrote:
On May 19, 2005, at 9:04 AM, Paul D. Robertson wrote:
On Tue, 17 May 2005, Martin wrote:
"Be liberal in what you accept; be strict in what you send."
_All_ effective security controls break that tenet. The more liberal your controls, the more risk you assume.
There is more to an effective security control than only denying stuff!
... I'm not sure what all the argument is about. Perhaps we are agreeing at the top of our lungs?

I remember a discussion in the 1970s which concluded that PURE security is exactly opposed to PURE utility. The most secure computer would be unplugged and buried beneath tonnes of rock. Not particularly usable. The most usable computer would have open access for everybody. Not particularly secure. I don't think anyone here was in that discussion, but it kind of clarified the pure concepts.

Soon after the firewall idea was made known, and after people who weren't clear on the balance of security and utility started getting hold of it, Marcus Ranum introduced his Ultimately Secure Firewall - which does indeed disallow all network traffic.

<URL: http://www.ranum.com/security/computer_security/papers/a1-firewall/>

Ah, I see he has now made it the Ultimately Secure Intrusion Prevention System ("featuring signature-less anomaly detection and blocking technology!!"). ;-)

The SECURITY PERSON'S JOB, along with the systems and networks administrators, is to achieve the best balance between maximum security and maximum utility. Chuck, I think that this is what you were thinking of, vice Paul's insistence on what the pure functions were. I think that Paul would agree with this, if he has not been all along.

--
Joe Yao
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards