Firewall Wizards mailing list archives

RE: Castles and Security (fwd)


From: "Scott, Richard" <Richard.Scott () BestBuy com>
Date: Mon, 8 Jan 2001 10:36:38 -0600

<ramble>
My sense of things is twofold.  Firstly, if we are to build secure
infrastructures, we need to use quality components.  Would one build a
castle out of straw?  Despite bringing in another analogy, two of the
"castles" the three pigs built were not successful!

If I decide to build an infrastructure, I should have the right to choose
adequate components, and if those components are somehow certified, or
legally advertised to be secure, then that should be sufficient.
If I build a house and select quality bricks, and find that after the house
was built the bricks were made of baked sand instead of a concrete mixture
(as advertised) so as to allow anyone to enter into my house, I could have
legal recourse.  The manufacturer would be sued, and those who entered my
house would also face legal prosecution either by myself or the state.  Of
all the discussions I seem to read on this, there tends to be a targeting of
the attackers, or (exclusive) the manufacturers.

The problem of targeting, I think, should be reinforced at the component
level.  The gray area of security is that there aren't, or there is a lack
of, certified products that are secure.  Yes, I could take NT/2000, set that
up, and follow MS guidelines, and with the typical software disclaimer, I
have no right in arguing that my system is safe, legally speaking.  Targeting
should be two-pronged, at the attacker and the manufacturer.

Furthermore, and this is where the open source community will benefit in the
long term, components can be analyzed and fixed, whilst products from
the non-open source garage must be fixed by the vendor.  One could analyze
source code, ascertain a principle idea of security based on how the code
was created.  This is a long-winded solution, but hail the new market of
certifying accounts that will audit products and grant them security
levels.

Arh, one may say, but we already have security certification, C2 et al.  But
these tend to be used on "government classed" systems, and not the singular
components that build the system.  As we concentrate on the component entity,
one could include the protocols that are funneled through HTTP.  If a
protocol can be used to bypass security, then it would not be granted a
security license/certification.  If, on the other hand, it is led to be
believed that such a protocol has a clear understanding that could breach
security, then it should be highlighted to the users of such a protocol.
When this highlighted tag actually is seen, I am sure that administrators,
security auditors and the like will be more caring as to actually review the
protocol, rather than having a reactive stance and allowing it through their
firewalls and then trying to fix a security hole.  This will trickle down to
the research laboratories, who, when producing new protocols, should have
security in mind.

</ramble>


Richard Scott   
BestBuy.Com
Best Buy World Headquarters
7075 Flying Cloud Drive
Eden Prairie, MN 55344 USA

The views expressed in this email do not represent Best Buy
or any of its subsidiaries.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

