Firewall Wizards mailing list archives
RE: Castles and Security
From: Lance Spitzner <lance () spitzner net>
Date: Fri, 12 Jan 2001 11:12:33 -0600 (CST)
On Thu, 11 Jan 2001, Robert Graham wrote:
Ancient castles weren't about "defense", but "offense". A castle served as a base of operations from which warriors could sally forth, strike their enemies, then retreat back to safety.
Which is exactly why the enemy attacked castles, to eliminate this threat. The more strongly defended the castle, the more difficult it was to eliminate the threat. That is why over hundreds of years fortifications have perfected defense in depth, it is that much harder to successfully attack. This analogy was not based on why castles were built, but how they could represent defense in depth.
I really dislike the entire class of military analogies. Warfare is about battles, well-known enemies, two parties fighting and responding to each other.
Dooh! I am going to majorly disagree with you on this (but then again, I'm biased). Warfare is not about two well-known enemies fighting. Anyone who ever simplified warfare as such was long ago defeated. For example, our military has entire divisions and training dedicated to "Operations other then war". These units are dedicated to fighting when the enemy is not well known, when there are a variety of other parties. I remember our armor training was signifigantly modified after Somalia. How does a tank platoon fight when a downed helicopter is surrounded by hostile civilians? In many ways we are faced with the same challenges, adapting to new threats, technologies, and rules. I feel the military analogy is an excellent fit. We are attempting to defend resources against an enemy. That enemy may not be well defined, then again throughout history this has often been the case. The problem that we are having is that the rules have changed. Historically, the sides that have adapted first usually win. In our case, the blackhats are adapting faster, and thus are winning.
The reason I prefer this model is that with military analogies, you think in terms of "enemies". Script-kiddies aren't your enemy, they aren't out to get you in particular.
They are attacking my resources. Regardless of their motivation, that makes them my enemy. Thoughts from an previous tread head :) -- Lance Spitzner http://project.honeynet.org _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Castles and Security (fwd), (continued)
- Re: Castles and Security (fwd) jeradonah (Jan 04)
- RE: Castles and Security (fwd) Bill_Royds (Jan 04)
- Re: Castles and Security (fwd) George Capehart (Jan 05)
- Re: Castles and Security (fwd) Ryan Russell (Jan 08)
- Re: Castles and Security (fwd) George Capehart (Jan 08)
- Re: Castles and Security (fwd) George Capehart (Jan 05)
- RE: Castles and Security (fwd) Scott, Richard (Jan 08)
- RE: Castles and Security (fwd) Antonomasia (Jan 08)
- Re: Castles and Security (fwd) Darren Reed (Jan 10)
- Re: Castles and Security (fwd) Steven M. Bellovin (Jan 10)
- RE: Castles and Security (fwd) Robert Graham (Jan 12)
- RE: Castles and Security Lance Spitzner (Jan 12)
- RE: Castles and Security (fwd) Robert Graham (Jan 12)
- RE: Castles and Security (fwd) Ben . Grubin (Jan 12)