Avishai Wool wrote:
>My claim is that these rules are very risky and a wonderful
>vector for all kinds of malware.
"Risky" is too kind a word. "Stupid" is more accurate.
I could probably dig up one of my old DAT backups from 1990
with old presentations on VPNs (except I was calling them
"Virtual Network Perimeter" in those days before the marketing
took over) - I recall having a slide that basically said VNPs
should be treated as a trust boundary in spite of their
convenience. I.e.: only permit minimal service-sets to restricted
destinations.
People persist in using even security products at their lowest
"setting" and then they are shocked and amazed to discover
that they're not spectacularly effective. :( Frankly, I find it
baffling, because historically security was a problem domain
that attracted people with strong analytical skills. Perhaps
what we're seeing is the results of the shift in the clue-density
curve that started around the time AOL connected to the Internet...
>However, customers uniformly disagree with this argument, and tell me that
>"traffic coming over a VPN is not perceived as a risk so shut up
>about it."
They are fools.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 06 2005
Intro
