Firewall Wizards mailing list archives
Re: Ok, so now we have a firewall, we're safe, right?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 13 Jun 2005 13:08:51 -0400 (EDT)
Well stated, and I understand the issues, but <with emphasis> the user can't be held accountable for information the vendor fails to provide or attempts to hide. In these situations the vendor then has graciously abrogated the end user's responsibility and maintained it for themselves.

We're not talking about tagging a routing device with enough decals and warning labels such that it resembles a miniature NASCAR racer, we're talking about providing the documentation that describes the product and its setup, care and feeding with the fine points of security related issues clearly located within, as well as in the table of contents, and within the index. Hard cover manuals are a thing of the past, so getting the online and CD ready PDFs redone should be minimal expense and process. Failing to do so moves liability out of the end user's realm, even Marcus would have to agree there.

Thanks,

Ron DuFresne

On Fri, 10 Jun 2005, Dave Piscitello wrote:

To a great extent, hiding complexity is intentional, and IMO a reaction to the scathing criticisms hurled at vendors time and again regarding product and UI complexity. Some folks on this list recall configuring ISDN adapters and bridge-routers, or early V. modems. The survivors from the "your UI bites! You can't expect our 10,000 reasonably intelligent users much less a consumer to change dipswitch settings and enter command line gibberish! We need something *intuitive* and *plug-and-play* or we'll take our business elsewhere" era are IMO permanently traumatized into believing they can't expose complexity (or they conceded long ago, made killings giving the customer what he thought he wanted, and are sipping champagne in sunny surrounds while we debate on maillists).

I feel as if we're arguing over the road *not* travelled (distinguished from the road *less* travelled). I'm increasingly skeptical that it's possible to go back to the crossroad and make "secure" a priority over "easy". Too few people actually care, and our culture/society becomes more comfortable each day with solutions that absorb and amortize losses rather than mitigate them. Financials don't invest in stronger identity theft protection while their costs of doing business can tolerate loss. When losses exceed "tolerable" they still don't look for something bullet-proof, only something that reduces loss to below the magic threshold of "tolerable". My experience is that consumers, SMBs, and enterprises don't put even this much effort into assessing and mitigating risk.

I might be in the minority, but the fact that 4 of 5 APs are still run wide open is as much an embarrassment to users as vendors. Our hands have to be placed on hot (regulatory) coals to implement security. Even then we procrastinate and lobby to reduce the requirements *and* accountability - and ask vendors to automate and hide complexity. Automation and security aren't good bedfellows.

Where security is involved, otherwise rational adults devolve into whining, rebellious, scheming, negotiating adolescents. The critical parent (regulatory) social style isn't working. The nurturing parent style isn't working. If you know a way to create adult-adult conversations on the topic of network security, I'm eager to hear it.

On 7 Jun 2005 at 3:00, R. DuFresne wrote:

[SNIP]

Good thing I scrolled down to find it! It's pretty well hidden for a "strong" recommendation. Took me 15 minutes to find, and that's all I was searching for.

I wrote a few papers on wifi products a few years ago, and mentioned that anything at all to do with securing these devices tends to be hidden, if covered at all, and only touched on in the briefest sense, deep down in the documentation. So, nothing has changed in recent times, cool to note the consistency.

Thanks,

Ron DuFresne

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards