Firewall Wizards
mailing list archives
Re: Application requires VPN - How are these handled?
From: Paul Robertson <proberts () patriot net>
Date: Tue, 1 Apr 2003 17:51:25 -0500 (EST)
On Wed, 2 Apr 2003, Mikael Olsson wrote:
> Ah, you're definitely right for the theoretical situation.
> What I'm arguing against, is what I believe is happening in
> this particular case: "Here's a copy of securemote, preconfigured
> by us. Slap it on to a workstation. You're not allowed to tinker
> with it."
When faced with such situations in the past, I've always put a screen
behind whatever it is I'm not supposed to tinker with when it's been
possible to do that.
> Now, is $bigco likely to provide insurance to the poor bastard
> stuck with the new electronic highway to a workstation inside
> their LAN? Not very likely.
Actually, $bigco is likely to already have such insurance in place-
the obvious question is if I'm a vendor, how likely am I to either sue
$customer, or do something else likely to raise their rates.
*That* is why I'm bringing this up-- as an industry, we all *need* to
understand the role of insurance and make it a non-adversarial business
process to make claims at any time. That's what will get the underwriters
to drive companies to "do the right thing" *and* it'll cover the damages
suffered from bad apples, m0r0ns and unfortunate circumstances.
If we all use insurance as a risk mitigator and it's not an adversarial
thing, then we'll all gain from it, as the costs of behaviour will be
borne by those who wish to take risks, fail assessments, or don't do the
right things, and hopefully we can make that into a non-adversarial claims
process, rather than a sue-like-heck thing that turns folks sour. The
bottom line and rate increases will make CFOs take notice of security, and
that's bound to turn out better than anything we've done to date...
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts () patriot net which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards