Full Disclosure mailing list archives
RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly
From: Steve Wray <steve.wray () paradise net nz>
Date: Tue, 30 Sep 2003 20:56:44 +1200
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Michal Zalewski On Sun, 28 Sep 2003, security () brvenik com wrote:
[snip]
You can't do it particularly easily just by configuring local built-in firewall on each box. Or, you can, but you have no easy way to maintain and audit the structure once it's done.
There is if you don't use a windowing operating system; this is precisely what my team is doing for a very large collection of firewalled boxes, remotely administered and their forewall configurations all maintained and audited by remote control and en masse to boot. We're using Debian Linux with more or less traditional unix tools for the job; ssh, scp, rsync, diff sed and patch.
The value of this software is the ability to: 1) Integrate many security mechanisms (AV, firewalling, auditing, local policy, IDS) under one roof and implement unified policies, 2) Provide an easy way to deploy and track agents and their compliance with group policy, 3) Manage multiple group policies easily, 4) Deploy adaptative policies (say, different access levels when on dial-up, different when in corporate network). That's it. That is an effective tool that goes about as far as we can go with pure IT without major changes to the existing
technology
to protect
I don't see whats new about this... unless its in a windowing environment, but then I guess you get what you ask for! A GUI for everything and everything in a GUI. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: CyberInsecurity: The cost of Monopoly, (continued)
- Re: CyberInsecurity: The cost of Monopoly Paul Schmehl (Sep 28)
- Pudent default security - Was: CyberInsecurity: The cost of Monopoly security () brvenik com (Sep 28)
- Re: Pudent default security Paul Schmehl (Sep 28)
- Re: Re: Pudent default security Jay Sulzberger (Sep 28)
- Re: Re: Pudent default security Ed Carp (Sep 29)
- Re: Re: Pudent default security Jay Sulzberger (Sep 28)
- Re: Re: Pudent default security Ed Carp (Sep 29)
- Re: Re: Pudent default security Jay Sulzberger (Sep 28)
- Re: Re: Pudent default security Shannon Johnston (Sep 29)
- Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly Michal Zalewski (Sep 29)
- RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly Steve Wray (Sep 30)
- RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly Michal Zalewski (Sep 30)
- RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly Steve Wray (Sep 30)
- RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly j (Sep 30)
- RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly Frank Knobbe (Sep 30)
- Re: CyberInsecurity: The cost of Monopoly Florian Weimer (Sep 28)
- Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) Curt Purdy (Sep 28)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) George Capehart (Sep 29)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) Michael Scheidell (Sep 29)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) George Capehart (Sep 29)
- Re: Soft-Chewy insides (was: CyberInsecurity: The cost of Monopoly) Michael Scheidell (Sep 29)