RE: Re: Pudent default security - Was: CyberInsecurity: The cost of Monopoly

[Steve Wray <steve.wray () paradise net nz>]

> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Michal Zalewski
>
> On Sun, 28 Sep 2003, security () brvenik com wrote:
[snip]
> You can't do it particularly easily just by configuring local built-in
> firewall on each box. Or, you can, but you have no easy way 
> to maintain and audit the structure once it's done. 

There is if you don't use a windowing operating system; this is
precisely
what my team is doing for a very large collection of firewalled boxes,
remotely administered and their forewall configurations all maintained
and audited by remote control and en masse to boot.

We're using Debian Linux with more or less traditional unix tools for
the job; ssh, scp, rsync, diff sed and patch.

> The value of this 
> software is the ability to:
>
>   1) Integrate many security mechanisms (AV, firewalling, auditing,
>      local policy, IDS) under one roof and implement unified policies,
>
>   2) Provide an easy way to deploy and track agents and their
>      compliance with group policy,
>
>   3) Manage multiple group policies easily,
>
>   4) Deploy adaptative policies (say, different access levels when
>      on dial-up, different when in corporate network).
>
> That's it. That is an effective tool that goes about as far 
> as we can go with pure IT without major changes to the existing
technology 
> to protect

I don't see whats new about this... unless its in a windowing
environment,
but then I guess you get what you ask for! A GUI for everything and
everything
in a GUI.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html