Firewall Wizards mailing list archives
Re: firewall-wizards Digest, Vol 64, Issue 3 phishing
From: Dave Piscitello <dave () corecom com>
Date: Fri, 12 Apr 2013 10:33:15 +0200
Stephen, I think your premise - that we are comfortable with this architecture - is wrong, at least for this choir. Your analog also only looks at one dimension of the problem space.

- the ship hull is compromised
- the pumps are working because someone thought to enable this automation, and he's now serving on another ship
- much of the crew are not competent to deal with the crisis, and don't have the time to fully assess the damage because they are distracted by requests to solve far less critical issues so that other of the ship's services remain in operation for the passengers
- the passengers pay no attention to the warnings, alarms, and have no clue as to how to abandon ship

I suspect that few on this list are comfortable with this scene. The pump is there for many because it's keeping the ship afloat while we patch and re-think how to prevent future hull breaches. Part of re-thinking is coming up with better monitoring (of hull integrity) and AWS; part is raising competencies among crew, and part is raising security awareness among passengers. All of these require the captain's approval and the captain has to empower the officers.

On Thu, Apr 11, 2013 at 8:46 PM, Stephen P. Berry <spb () meshuggeneh net> wrote:
John Michealson writes:

Check Point's gateway based AV went cloud based last fall. It has over 6M signatures. They also have AntiBot, which has hundreds of millions of IP and hosts classified. They are reclassifying 50k sites/hosts a day with their ThreatCloud, and ThreatEmulation is in EA. Their Application Control has 4900 apps defined locally and 300K in the cloud. Combined with education these are very effective tools.

Perhaps I just have a bad attitude, but I'm imagining a ship with a great jagged hole below the water line and a very high output bilge pump that's almost but not quite keeping up with the flooding. The ship doesn't sink -immediately-, and hey that is a pretty impressive pump. But I'm not sure that I'd say that the pump is a very effective tool, because the task I'm actually concerned with isn't---or, I would argue shouldn't be---pumping water out, which the pump does quite well, but rather with keeping the ship seaworthy by keeping the water from getting in in the first place, and the pump doesn't do that at all.

I'm not trying to badmouth Checkpoint here. I'm sure their product is wonderful for what it is. But I find it distressing how comfortable we've become with living with network architectures that are perpetually in a state of failure. That are designed failed. You speak in glowing words of the monumental efforts expended by Checkpoint. But while I can admire all that hard work, when I see a system that -needs- this sort of heroic effort -on an ongoing basis- just to continue functioning, I see a system that is fundamentally broken.

-spb

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards