Firewall Wizards mailing list archives

Re: Time for a new FWTK?


From: Ted Doty <ted () iss net>
Date: Tue, 25 Nov 1997 08:59:43 -0500

At 09:09 PM 11/24/97 -0500, Marcus J. Ranum wrote:
The expense, again, is the *KNOWLEDGE* of what protocols
are good and what are bad, why, and how to fix them, and
when.

What's interesting is that as the number of known attacks goes up (heck,
we're putting over 8 new attack signatures per *week* in our tools), the
number of false positives increases.  "Bad" is a lot harder to identify
with certainty now than it was a couple years ago.

Use a caching web proxy server and just pray. Or put
your faith in sandboxes and signed applets. They are
here to stay.

Before making that leap of faith in sandboxes, check out the hostile
applets home page: http://www.rstcorp.com/hostile-applets/index.html

Personally, I won't bet big money that someone won't hack into a big-ish
authority and use their key to sign an attacking applet.  Then again, I'm
nasty and suspicious by nature; your mileage may vary.

It was written in a time when firewalls were not a $400m/year
industry. It was written in a time when people did research in
security, not IPOs. The world has changed -- the Web did
it -- nothing can inject that much money into an area of human
endeavor and leave it unchanged. ALL the players have
changed -- the companies, the researchers, the technology,
the desktops, and the customers.

Except the customers.  They still expect security to be transparent,
efficient, inexpensive, and take no administration.  If the customer is
commercial, security should add profits to the bottom line; if it's the Air
Force, it should add lift to the planes. ;-)

The analogy here is what policing went through in the 1970s: cops on the
beat became cops in a squad car, and then *a* cop in a squad car.  Now we
have micro-management (in a good sense) of resources: if crime in this
9-digit zip code goes up, swarm the area with police - under the assumption
that some new toughs have moved in and set up shop.  The results (from New
York, at least) look encouraging.  What drives this? Efficiency (read:
cost avoidance).

The next FWTK needs to do exactly this in a network context, to provide the
same result to the customer (cost avoidance).

- Ted

--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East            | Fax:   +1 770 395 1972
Atlanta, GA 30346  USA              | Web: http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE
