Firewall Wizards mailing list archives

RE: Transitive Trust: 40 million credit cards hack'd

From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 21 Jun 2005 10:16:22 -0400

It's a failed analogy all around, though.  In the case of bear vs. runner,
one bear can only maul one runner at one time.  I've got screens and screens
worth of alert data that show that a single e-bear can chase and maul
thousands of runners at the same time.

I agree that doing something is better than doing nothing.  I also agree
that 2-factor AAA is viable and definitely worth the effort and expense for
some organizations (including mine).  But if your goal for securing your
organization is to be better than you think your "neighbors" (whether
they're in physical, logical, or market proximity) are, then all you can
hope to achieve is to not suffer a compromise at the same time in the same
way as your neighbors.

As far as making my network a "hard target" in the military sense (Google
for "hard target interdiction" or HTI), no thank you. :)

PaulM

-----Original Message-----
Subject: RE: [fw-wiz] Transitive Trust: 40 million credit cards hack'd

And you (and others) assume there's only two runners. 

I still think I'll make an attempt to out run the bear and be as tough a
target as I can afford, and hope the bear is smart enough to pursue the easy
targets.

The point is, don't make yourself the _easy_ target, when there are things
you can do that the other (easier targets) aren't doing.
When there are enough bears and few targets, everyone will get attacked, but
don't lightly toss aside the benefit of making yourself as hard a target as
you can afford. Right now, there are still plenty of honey-soaked targets
for the bears to enjoy.

I'm not necessarily saying this is a completely fail-safe way to secure your
environment, but from what I have seen of other environments, at least the
honey isn't dripping off you and leaving a trail for the bear to easily
follow. Let it drip off the other guy(s).

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Transitive Trust: 40 million credit cards hack'd, (continued)
- RE: Transitive Trust: 40 million credit cards hack'd Paul D. Robertson (Jun 20)
  - Re: Transitive Trust: 40 million credit cards hack'd Kevin (Jun 20)
    - RE: Transitive Trust: 40 million credit cards hack'd Brian Loe (Jun 21)
    - Re: Transitive Trust: 40 million credit cards hack'd Kevin (Jun 21)
- RE: Transitive Trust: 40 million credit cards hack'd Paul Melson (Jun 21)
- RE: Transitive Trust: 40 million credit cards hack'd Richards, Jim (Jun 20)
  - RE: Transitive Trust: 40 million credit cards hack'd Eugene Kuznetsov (Jun 20)
    - RE: Broken Analogies (was: Transitive Trust) Ben Nagy (Jun 21)
    - RE: Broken Analogies (was: Transitive Trust) Brian Loe (Jun 21)
- RE: Transitive Trust: 40 million credit cards hack'd Behm, Jeffrey L. (Jun 21)
  - RE: Transitive Trust: 40 million credit cards hack'd Paul Melson (Jun 21)
  - Re: Transitive Trust: 40 million credit cards hack'd Kevin Sheldrake (Jun 30)
- RE: Transitive Trust: 40 million credit cards hack'd Behm, Jeffrey L. (Jun 21)
- RE: Transitive Trust: 40 million credit cards hack'd Stetser Dan Contr Det 4/LAN (Jun 21)