Create an Account
username: password:
 
  MemeStreams Logo

RE: Network Security: Submarine Warfare

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
RE: Network Security: Submarine Warfare
Topic: Technology 8:17 pm EDT, Sep 16, 2003

JLang wrote:
] Perimeter defense is a lost battle.
]
] Like old generals, we're still fighting the last war, in which
] our network was a castle with impregnable walls, a
] well-defined entry point across the drawbridge (head-end
] router), portcullis (firewall) and guards (IDS).

Well, that was an entertaining article, but I'll offer the following:

1. People have been quoting statistics about attacks coming from the inside for years. I doubt its actually true, and it certainly hasn't slowed the sale of firewalls. If you count the amount of scans and probes that come in on a typical internet connection and compare that to internal threats I would be amazed to find that 70% of the threats are internal. I'm not saying internal threats aren't significant or important. I'm simply saying that this statistic is over quoted and under understood.

2. Yes, of course you should harden your internal servers and firewall your "DMZ" off from your internal network! If you're an IT security professional and this is news you ought to be fired. (This is the reason Checkpoint sells well. You can put 12 interfaces in the thing and it doesn't think twice about it.)

3. Rilling up a bunch of IT guys and telling them to implement a "zero tolerance" policy is stupid. The only thing worse then a beaurocrat is a beaurocrat on a mission. When you are responsible for a service that everyone in a company relies on, all of the employees are your customers, not just upper management. You have to find ways to protect critical assets while simultaneously allowing people to do their jobs. Rifling through people's hard drives in search of contraban propagates an atmosphere of distrust that is far more destructive to company objectives then some file sharing. Yes, you should know whats on your network and elminiate things that create risk. No, you should not be a nazi, even if you really enjoy it.

RE: Network Security: Submarine Warfare



 
 
Powered By Industrial Memetics
RSS2.0