Full Disclosure mailing list archives
Re: CyberInsecurity: The cost of Monopoly
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 28 Sep 2003 21:36:41 +0200
On Sun, Sep 28, 2003 at 12:20:28PM -0500, Paul Schmehl wrote:
> I don't think "we" as a "security community" have even begun to tackle this problem. We talk about it, but who is *really* doing it? For example, if you want to network machines you *have* to use SMB/NetBIOS for Windows, NFS for Unix, CIFS, or something similar. Who is really looking at how to be secure while still allowing internal machines to talk to each other? Certainly none of the above protocols qualify as secure.

For NFS, some pretty robust server and client implementations exist. Much better than SMB/CIFS. However, authentication sucks, of course. (NFSv4 will hopefully change that.)

> When a machine is problematic, for whatever reason, the usual reaction is "block it at the firewall". But that doesn't protect that machine from *other* internal machines.

At work, we have almost all of our machines in separate VLANs, and filter the traffic between them. (There are just tens of machines under our direct administrative control, so it's doable. The rest of the network is a huge mess, as usual. The sad thing is that most likely, we'll never need this separation because we are careful enough anyway, but better safe than sorry.)

> It only protects it from the outside.
And the outside from you, and your organization from embarrassment. 8-)