Re: How automate firewall tests

[jseymour () linxnet com (Jim Seymour)]

"Marcus J. Ranum" <mjr () ranum com> wrote:
[snip]
>                                                                If you want to
> look at things from my (admittedly weird) perspective, the current fondness
> for "patch your software constantly" is proof positive that packet-based
> firewalls don't (and never did) work except for at a very gross level.
[snip]

That's not "weird" by any stretch of the imagination.  It may be
"unpopular."  It may not be "mainstream."  But weird it ain't.  It's
just intelligent, educated and honest.  Problem is: People (read: PHBs,
mainly) don't want intelligent, educated and honest.  They want their
latest whiz-bang crosses-the-boundary-between-internal-secure-and-
external-unsafe application to just work and don't bother me with the
details thankyouverymuch.  Never mind the ISPs that knowingly give
electronic Petri dishes direct connectivity to the 'net, without even a
modicum of blocking/filtering/what-have-you.

This is complicated by Certain Vendors who proclaim that sophisticated
computing environments can be capably managed by somebody who's taken a
short course or read a few books, and a point-n-drool GUI.

The results are predictable.  Virus'/worms/Trojans run amok.  Email
delivery is unreliable.  Major corporations regularly find their
internal network paralyzed.  And on and on.

Oddly enough: The people "victimized" by all this exhibit all the signs
of insanity: They keep doing the same thing and expecting different
results.

You're not "weird," Marcus.  It's the rest of 'em that're weird.  I'm
reminded of this:

    "If fifty million people say a stupid thing,
     it is still a stupid thing."  - Anatole France

Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards