Firewall Wizards mailing list archives
Re: RE: In defense of non standard ports
From: Karl <karl.mueller () asolutions com>
Date: Tue, 24 Jan 2006 16:59:26 -0600
On Tue, Jan 24, 2006 at 03:28:37PM -0600, Behm, Jeffrey L. wrote:
Overheard at the water cooler: "Well, company X allows this traffic, why don't we? They are much larger than us and probably understand security *much* better than we do. Since they think it's safe, shouldn't we think it's safe, too?" I'm still looking for wording used to combat the cluelessness of such a mindset in both our own companies, as well as companies that are creating situations that make us run web traffic on non-web ports.
When I hear this, I usually start with something along the lines of "and company X certainly has a legal department prepared to handle the litigation when a boxen inside their network is used to attack or probe a sensitive computer system." While this may or may not be true, it usually gets enough attention from the original speaker that the LART follow-up is met with something other than a glassy-eyed stare.

That's when we get to talk about containment, detection, compartmentalization, individual responsibility, and all those other topics related to accepting the risk of a networked computer system. It's not about *if* you're gonna get hacked. It's about *when*, and what happens next.

YMMV, but this approach has worked for me.

-k