Firewall Wizards mailing list archives
Re: Time for a new FWTK?
From: Ted Doty <ted () iss net>
Date: Tue, 25 Nov 1997 08:59:43 -0500
At 09:09 PM 11/24/97 -0500, Marcus J. Ranum wrote:
> The expense, again, is the *KNOWLEDGE* of what protocols are good and what are bad, why, and how to fix them, and when.
What's interesting is that as the number of known attacks goes up (heck, we're putting over 8 new attack signatures per *week* in our tools), the number of false positives increases. "Bad" is a lot harder to identify with certainty now than it was a couple years ago.
> Use a caching web proxy server and just pray. Or put your faith in sandboxes and signed applets. They are here to stay.
Before making that leap of faith in sandboxes, check out the hostile applets home page:
http://www.rstcorp.com/hostile-applets/index.html
Personally, I won't bet big money that someone won't hack into a big-ish authority and use their key to sign an attacking applet. Then again, I'm nasty and suspicious by nature; your mileage may vary.
> It was written in a time when firewalls were not a $400m/year industry. It was written in a time when people did research in security, not IPOs. The world has changed -- the Web did it -- nothing can inject that much money into an area of human endeavor and leave it unchanged. ALL the players have changed -- the companies, the researchers, the technology, the desktops, and the customers.
Except the customers. They still expect security to be transparent, efficient, inexpensive, and take no administration. If the customer is commercial, security should add profits to the bottom line; if it's the Air Force, it should add lift to the planes. ;-)
The analogy here is what policing went through in the 1970s: cops on the beat became cops in a squad car, and then *a* cop in a squad car. Now we have micro-management (in a good sense) of resources: if crime in this 9-digit zip code goes up, swarm the area with police - under the assumption that some new toughs have moved in and set up shop. The results (from New York, at least) look encouraging.
What drives this? Efficiency (read: cost avoidance). The next FWTK needs to do exactly this in a network context, to provide the same result to the customer (cost avoidance).
- Ted
--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East            | Fax:   +1 770 395 1972
Atlanta, GA 30346 USA               | Web:   http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE