|
Firewall Wizards
mailing list archives
Re: A fun smackdown...
From: marty () supine com (Martin)
Date: Sat, 21 May 2005 08:05:25 +1000
$quoted_author = "Paul D. Robertson" ;
On Tue, 17 May 2005, Martin wrote:
"Be liberal in what you accept; be strict in what you send."
_All_ effective security controls break that tenet. The more liberal your
controls, the more risk you assume.
My original use of the quote was in the context of "adaptive" IDS/IPS as
mentioned in the article. If the system gets too "smart" about recognising
"new"[1] attacks then it can break that tenet and deny legitimate traffic.
I guess the point I'm trying to make that in a security context the quote
only applies to protocols / connections that should be allowed according to
policy but may be denied due to "smart" software[2].
cheers
marty
[1] where "new" = "no signature / fingerprint / definition available for it"
[2] which doesn't really exist, all software sucks.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Re: A fun smackdown..., (continued)
- Re: A fun smackdown... Devdas Bhagat (May 19)
- Re: A fun smackdown... Martin (May 20)
RE: A fun smackdown... FirewallAdmin (May 17)
RE: A fun smackdown... Behm, Jeffrey L. (May 19)
RE: A fun smackdown... Behm, Jeffrey L. (May 20)
RE: A fun smackdown... Jeremiah Cornelius (May 21)
|
Intro
