Bugtraq mailing list archives
Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper)
From: scott () EARTH NEXUS NET (Scott Zimmerman)
Date: Wed, 24 Nov 1999 07:00:28 -0500
On Tue, 23 Nov 1999, Crispin Cowan wrote:
> I agree that configuration and operational issues are a hard problem to solve. In general, I don't know how to solve them. My (crass commercial) solution is that folks who don't really know what they're doing should buy appliances
I firmly agree and I'm not even selling anything. <g> The problem here lies in that many work users have systems at home and see no difference between the complete control of their home machines and what they think should be their complete control of their work machines. I worked in a rather large computing facility earlier this year where we were using NetApp filers for central storage. Users vehemently resented the multi-GB quotas and complained by saying "I have a 20GB drive at home, why can't I have one here?" If appliances are put on the desktops instead of real standalone-capable machines, the appliance might be a sufficiently different animal that the users may not be as tempted to make comparisons to their home systems. (I'm speaking generally about PC folks here.)
> I'm rather amazed at the existence of the firewall *application* market, where you buy a firewall product and install it on one of your server machines. How can such an application install take a pre-installed machine from an unknown state to a secure state?
These applications help to solve a non-technical problem: liability. If ABC Corp. installs a Double-Widget(tm) firewall then they can demonstrate that they practiced 'due diligence' and made a 'good faith' effort to secure the corporate assets; the darn software vendor must be at fault if there is a malicious intrusion. The technical issues are sufficiently obfuscated that the company probably won't be blamed [by the shareholders, etc.] for the lax security: it will now be [in their eyes] the vendor's fault. Sadly, it seems that covering one's own ass[ets] is functionally equivalent to actually practicing real security without all that nasty work and expense.

Cheers,
Scott
scott(a)earth.nexus.net