Firewall Wizards mailing list archives
Re: How automate firewall tests
From: Chris Blask <chris () blask org>
Date: Tue, 22 Aug 2006 16:10:15 -0400
At 02:14 PM 22/08/2006, Patrick M. Hausen wrote:
Hi, all! On Tue, Aug 22, 2006 at 01:28:13PM -0400, Chris Blask wrote:o "You don't know what you don't know."Which leads directly to Marcus' well known rant about positive security models.
Indeed. Problem is, I don't believe in positive security models in the real world (with the theoretical exceptions of some military or SCADA networks that actually don't connect to the PSTN [still waiting to see one]). If we start now we can build a ground-up secure network just in time for it to be completely obsolete and we all retire in frustration..
You cannot make even any *one* Thing in security "perfect"You can. You can code an HTTP server that does nothing but serve static documents in (my guess) less than 1000 lines of C and you can prove a program of this size to be correct.
We can split hairs on this, but if you load your perfect web server code on an operating system, then the integrity of the application evaporates.
Customers tend to favour "off the shelf solutions", though.
Customers tend to favor building networks out of components as opposed to mining the iron ore, shaving crystals of silica into wafers and carving transistors with razor blades. I tend to favor buying cars with the wave-front topology of the combustion chamber already engineered to my satisfaction. Practical solutions apply beyond the purists' and hobbiests' worlds
IIRC this once led to another one of Marcus' rants ;-)
Just Say No to Dittoheading!! :~)
Regards,
-best -chris If you want to live in a world in which the computer is a panacea rather than a plague, there are a few crucial things that must be done. Do not leave the responsibility for the social impact of computer applications in the hands of technicians. Insist on individual, government, and corporate responsibility and liability for the computer's effect on people. Recognize the computer as an inanimate tool with enormous potential for either good or evil, the choice of which is in the hands of men and women, not inanimate systems. Our government is designed so that you are neither dependent on the excellence of your leaders nor vulnerable to their failings; so too should you be free of the men and women who make and run your computers. - Stanley Rothman & Charles Mosmann Computers and Society, 1976 Chris Blask chris () blask org http://blaskworks.blogspot.com +1 416 358 9885 _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Durga Prasad (Aug 18)
- Re: How automate firewall tests Marcus J. Ranum (Aug 18)
- Re: How automate firewall tests Isaac Van Name (Aug 20)
- Re: How automate firewall tests Marcus J. Ranum (Aug 20)
- Re: How automate firewall tests Tim Shea (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests ArkanoiD (Aug 21)
- Re: How automate firewall tests Marcus J. Ranum (Aug 21)
- Re: How automate firewall tests Chris Blask (Aug 22)
- Re: How automate firewall tests Patrick M. Hausen (Aug 22)
- Re: How automate firewall tests Chris Blask (Aug 23)
- Re: How automate firewall tests Crispin Cowan (Aug 28)
- Re: How automate firewall tests Marcus J. Ranum (Aug 28)
- Re: How automate firewall tests Marcus J. Ranum (Aug 28)
- Re: How automate firewall tests Cat Okita (Aug 29)
- Re: How automate firewall tests Durga Prasad (Aug 18)
- Re: How automate firewall tests Marcus J. Ranum (Aug 23)
- Re: How automate firewall tests Jim Seymour (Aug 23)
- Re: How automate firewall tests Tina Bird (Aug 23)
- Re: How automate firewall tests lordchariot (Aug 23)
- Re: How automate firewall tests Jim Seymour (Aug 21)
- Re: How automate firewall tests Chris Byrd (Aug 21)