Firewall Wizards
mailing list archives
Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "B. Scott Harroff" <Scott.Harroff () att net>
Date: Fri, 23 Aug 2002 14:38:46 -0400
I believe authentication is necessary since one can't positively identify
all the potential weapons in outbound traffic. At the port level, yes, one
can recognize outbound KaZaa, PC-Anywhere, VPN traffic, Instant Messaging,
and SMTP/POP traffic from unauthorized mail sources, etc., and stop it
(recognizing the weapon/hostile intent). Having the authentication
information to send a brief "Don't do that, it's against policy" message is
useful in this circumstance.

One can even recognize outbound code-red in http traffic and stop it (now,
having authentication to identify the infected PC/user becomes very useful).

In real-time, one cannot positively recognize if the other outbound traffic
to a site is hostile or not (porn for example). That's when positive
authentication is necessary. One needs to know it's positively Jane Doe that
went to the porn site (which is against policy) or it was someone who sat
down at her authenticated workstation when she walked away without logging
off (which is against policy) before disciplinary actions are initiated.

----- Original Message -----
From: "Adam Shostack" <adam () homeport org>
To: "B. Scott Harroff" <Scott.Harroff () att net>
Cc: <firewall-wizards () honor icsalabs com>
Sent: Thursday, August 22, 2002 7:49 PM
Subject: Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 /
project mayhem )
On Thu, Aug 22, 2002 at 12:32:24PM -0400, B. Scott Harroff wrote:
| In my humble opinion, corporate security people not authenticating and
| filtering/monitoring traffic heading off the corporate network is like
| airport personnel not verifying individuals' identities who are on an
| outbound airplane, or checking what they are carrying. 99.99% of the time
| nothing happens, that last 1% can be very painful though.

This is one of my pet peeves: Verifying my identity wasn't what was
needed, verifying that I don't have hostile intent was. Today, the
verification that I'm without weapons is probably sufficient, given
that passengers are likely to fight, expecting to die anyway. Then
there's the question of were weapons left aboard for you, but that's
incidental: You could answer the question as well with passengers
who are anonymous.
And incidentally, your math is off by two orders of magnitude. ;)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards