Full Disclosure mailing list archives

Re: CyberInsecurity: The cost of Monopoly


From: Frank Knobbe <frank () knobbe us>
Date: Sun, 28 Sep 2003 14:34:10 -0500

On Sun, 2003-09-28 at 13:04, Michal Zalewski wrote:
> I'd argue... many vendors [...]
> provide integrated corporation-wide mechanisms for enforcing group
> firewalling, access and logging/IDS policies on workstations or groups of
> workstations (and, why not, also servers).
> [...]
> The technology is there. It takes some effort to use it and do it
> correctly, of course.


Michal, 

I think Paul's sentiment was that current efforts are focused on
networks, IP addresses, firewalls, protocols, etc., basically focusing on
the _transport_ of data. I think what we need are better mechanisms to
protect the _data_ itself, not just the transport/protocol of it. I'm
not talking about Palladium crap, but more in the direction of more
efficient ACLs, RBAC, and finer system level control. We *can* harden
the chewy insides by applying better controls. (All too often I see
networks with Share and File/Dir permissions being
Everyone-Full_Access...).

Paul, feel free to disagree if I put words in your mouth ;)

Cheers,
Frank
