Firewall Wizards mailing list archives
Re: How automate firewall tests
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 28 Aug 2006 10:29:57 -0400
Crispin Cowan wrote:
Problem is, I don't believe in positive security models in the real world
That's OK. It doesn't matter whether you do or not. You can choose to go around not believing in the laws of physics, either. But that doesn't change the fact that "the bigger they come, the harder they hit." The state of the industry today is a direct result of the fact that a lot of you don't "believe" in a positive security model, or "believe" that security is something that can be negotiated as part of some mysterious balancing act between "business needs" and "security requirements." What people don't get is that the hackers don't give a rat's ass about where you choose to establish your balance between fantasy and reality: all they need is one hole and your balance is yesterday's fine dream and today's front page news. For the last 15 years we've been presented with a constant litany of important agencies, sites, and systems that have been hacked into because people don't believe that doing security right is practical. I'm OK with that (it's not my problem!)(*) but I get really disgusted when people publicly announce: "I BELIEVE THE EARTH IS FLAT AND WILL CONTINUE TO KEEP TRYING TO KEEP IT THAT WAY." C'mon, Crispin - if you don't believe in positive security models what's your alternative? "Kludge stuff forever"? That's working just great. "User education"? Fantastic. Stellar. "Risk management"? The hackers love risk management. It's one thing to say you don't believe but it's a hard position to hold when the stuff you DO appear to believe in has obviously failed to work. mjr. (* Well, it is, really. I mean, as a veteran, I know now that the VA nicely published my personal information because of "practical" "business needs" etc etc etc) _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: How automate firewall tests, (continued)
- Re: How automate firewall tests Isaac Van Name (Aug 20)
- Re: How automate firewall tests Marcus J. Ranum (Aug 20)
- Re: How automate firewall tests Tim Shea (Aug 21)
- Re: How automate firewall tests Paul D. Robertson (Aug 21)
- Re: How automate firewall tests ArkanoiD (Aug 21)
- Re: How automate firewall tests Marcus J. Ranum (Aug 21)
- Re: How automate firewall tests Chris Blask (Aug 22)
- Re: How automate firewall tests Patrick M. Hausen (Aug 22)
- Re: How automate firewall tests Chris Blask (Aug 23)
- Re: How automate firewall tests Crispin Cowan (Aug 28)
- Re: How automate firewall tests Marcus J. Ranum (Aug 28)
- Re: How automate firewall tests Marcus J. Ranum (Aug 28)
- Re: How automate firewall tests Cat Okita (Aug 29)
- Re: How automate firewall tests Marcus J. Ranum (Aug 23)
- Re: How automate firewall tests Jim Seymour (Aug 23)
- Re: How automate firewall tests Tina Bird (Aug 23)
- Re: How automate firewall tests lordchariot (Aug 23)
- Re: How automate firewall tests Jim Seymour (Aug 21)
- Re: How automate firewall tests Chris Byrd (Aug 21)
- Message not available
- Re: How automate firewall tests Marcus J. Ranum (Aug 22)
- Re: How automate firewall tests Keith A. Glass (Aug 20)