Firewall Wizards mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Chris Blask <chris () blask org>
Date: Sun, 28 May 2006 14:18:21 -0700 (PDT)
--- "Marcus J. Ranum" <mjr () ranum com> wrote:
This notion that security is a matter of degree is
accurate in the large but inaccurate in the small. Unfortunately, we're all dealing with the small. Well, we're all really dealling with both. Infosec is like (not even "like", it "is") crime-fighting, and you can't fix national crime rates without the cops on the street. o The small - Anyone who has actual professional assistance (cops, PIs, secret service...) dealing with their crime situation should have a high level of confidence in their measures, or they should fire their pros. - in infosec, we are the "pros". Where someone employees one of us directly we should make them very safe. o The large - All the rest live in a statistical world of crime prevention where their safety has more to do with the statistical success of pros and the folks who support them. - As we all know, that is a measurable science - crime rates are high or low for demonstrable reasons (but they are never 0%). o The macro issues are all we can manipulate to protect the masses. - what kind of homes/cities people live in; best practices at all levels; tools and methodology for crime-fighting and non- activities - when these are better or worse it makes a real difference to vast numbers of real people. - getting better products, architectures and best practices (Good Memes) into the infosec ecosphere may not save any particular network, but it could lower the number of victims or have some other positive impact on the average threat profile. If I haven't lost everyone with analogies yet, all I mean is that not all of the Siblings here combined will ever touch every network and make it whole. So while we should all be personally offended and disgusted if anyone ever cracks a network we took responsibility for (the small), we also shouldn't lose sight of the aggregate goal of making the whole thing acceptably safe in the end (the large), no matter how slippery a pursuit it is. -cheers! -chris _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG), (continued)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Paul D. Robertson (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Tina Bird (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Devdas Bhagat (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Devdas Bhagat (May 27)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 28)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Paul D. Robertson (May 28)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 28)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Mark (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) George Capehart (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Jim Seymour (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) George Capehart (May 30)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Devdas Bhagat (May 29)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- cisco ssh rate limit hermit921 (May 26)
- Re: cisco ssh rate limit David Swafford (May 26)
- Re: cisco ssh rate limit hermit921 (May 26)