IDS mailing list archives
RE: [IDS] IDS Common Criteria
From: Randy Taylor <gnu () charm net>
Date: Mon, 13 Jan 2003 10:27:11 -0500
At 07:14 PM 1/10/2003 -0500, Graham, Robert (ISS Atlanta) wrote:

> Common Criteria is for those who believe that "security is a process". Security is not a process. There is no silver bullet that will protect you. The Common Criteria process is not a silver bullet.

Security is very much a process. It has a scope that encompasses many concepts that are not addressed from the understandably narrowed focus found in vendor space. Here are just a few of the many issues I'm dealing with these days:

- User education, awareness, and training
- Security policy - network and physical
- Application data flows
- Firewall rules
- HIDS deployment
- NIDS deployment
- Anti-virus deployment and management
- Incident response
- Router and switch hardening policies
- Life-cycle management of all the above and then some

Without a process view of a system like this, none of it works together the way it was intended in the initial design. Bruce Schneier speaks to the "security is a process" position better than I, but I did want to take a moment to point out some areas that many folks overlook when they talk about security. The broad-scope view makes it all look easy. It's the details that get you killed, figuratively speaking.

I agree there is no single "security silver bullet". If there was one it certainly would not be Common Criteria. It wouldn't be just "IDS", "Firewall", or "Anti-Virus", either. Without a process-oriented approach to security, the "gun" is in the hands of the enemy rather than in ours.

Best regards,
Randy

-----
"If you are going to sin, sin against God, not the bureaucracy. God will forgive you but the bureaucracy won't." --- Hyman Rickover ---
Current thread:
- RE: [IDS] IDS Common Criteria Graham, Robert (ISS Atlanta) (Jan 12)
- <Possible follow-ups>
- RE: [IDS] IDS Common Criteria Randy Taylor (Jan 15)
- RE: [IDS] IDS Common Criteria Rob Shein (Jan 19)
- RE: [IDS] IDS Common Criteria Randy Taylor (Jan 16)
- RE: [IDS] IDS Common Criteria Rob Shein (Jan 19)
- RE: [IDS] IDS Common Criteria Graham, Robert (ISS Atlanta) (Jan 17)
- RE: [IDS] IDS Common Criteria Parnelli Vondel (Jan 20)
- RE: [IDS] IDS Common Criteria Graham, Robert (ISS Atlanta) (Jan 21)
- RE: [IDS] IDS Common Criteria Randy Taylor (Jan 23)