Re: firewall-wizards Digest, Vol 64, Issue 3 phishing

[Dave Piscitello <dave () corecom com>]

Stephen,

I think your premise - that we are comfortable with this architecture
- is wrong, at least for this choir.

Your analog also only looks at one dimension of the problem space.

- the ship hull is compromised
- the pumps are working because someone thought to enable this
automation, and he's now serving on another ship
- much of the crew are not competent to deal with the crisis, and
don't have the time to fully assess the damage because they are
distracted by requests to solve far less critical issues so that other
of the ship's services remain in operation for the passengers
- the passengers pay no attention to the warnings, alarms, and have no
clue as to how to abandon ship

I suspect that few on this list are comfortable with this scene. The
pump is there for many because it's keeping the ship afloat while we
patch and re-think how to prevent future hull breaches. Part of
re-thinking is coming up with better monitoring (of hull integrity)
and AWS; part is raising competencies among crew, and part is raising
security awareness among passengers. All of these require the
captain's approval and the captain has to empower the officers.

On Thu, Apr 11, 2013 at 8:46 PM, Stephen P. Berry <spb () meshuggeneh net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> John Michealson writes:
>
> > Check Point's gateway based AV went cloud based last fall. It has over 6M
> > signatures. They also have AntiBot, which has hundreds of millions of IP
> > and hosts classified. They are reclassifying 50k sites/hosts a day with
> > their ThreatCloud, and ThreatEmulation is in EA. Their Application Control
> > has 4900 apps defined locally and 300K in the cloud. Combined with
> > education these are very effective tools.
>
> Perhaps I just have a bad attitude, but I'm imagining a ship with a
> great jagged hole below the water line and a very high output bilge
> pump that's almost but not quite keeping up with the flooding.  The ship
> doesn't sink -immediately-, and hey that is a pretty impressive pump.  But
> I'm not sure that I'd say that the pump is a very effective tool, because
> the task I'm actually concerned with isn't---or, I would argue shouldn't
> be---pumping water out, which the pump does quite well, but rather with
> keeping the ship seaworthy by keeping the water from getting in in the
> first place, and the pump doesn't do that at all.
>
> I'm not trying to badmouth Checkpoint here.  I'm sure their product is
> wonderful for what it is.  But I find it distressing how comfortable
> we've become with living with network architectures that are perpetually
> in a state of failure.  That are designed failed.  You speak in glowing words
> of the monumental efforts expended by Checkpoint.  But while I can admire
> all that hard work, when I see as system that -needs- this sort of heroic
> effort -on an ongoing basis- just to continue functioning, I see a system
> that is fundamentally broken.
>
>
>
> - -spb
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEVAwUBUWcEsR+T8Ptkg9h9AQI4swf/SAXPVaI8DXdOZ7OaUpcBUe6t2Y6ZQCGX
> 9VB0F2/3pyTWWdcVNUcDMVAiasgF1Pc/uHEhGFbFJNB13ubiUDsvQmjwJMkhN5fk
> GRT1eJLQrwSjAhzpwnQxTnQQQxwGBlaCb9Lo3db/PMZcxwFaYjzWncthZ6tX9YW5
> IOD1Th0fvOEEJvtl+imqYanWUC2HXFJPP+F2f8eswOv2EI80C38EnTd/+Bn6vRcW
> PkCKJO3RCwRjdDACIlS/bx4aMrt36M/bbGgF+mRtn3NNNHqeGkMQV490b8pvRlxM
> DfeH/RAdUdOMQ7PVRCJAEKreI268ywabltzOya5MPBhY3RjRgJeBJQ==
> =JaqR
> -----END PGP SIGNATURE-----
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards