"Marcus J. Ranum" <mjr_at_ranum.com> wrote:
[snip]
> If you want to
> look at things from my (admittedly weird) perspective, the current fondness
> for "patch your software constantly" is proof positive that packet-based
> firewalls don't (and never did) work except for at a very gross level.
[snip]
That's not "weird" by any stretch of the imagination. It may be
"unpopular." It may not be "mainstream." But weird it ain't. It's
just intelligent, educated and honest. Problem is: People (read: PHBs,
mainly) don't want intelligent, educated and honest. They want their
latest whiz-bang crosses-the-boundary-between-internal-secure-and-
external-unsafe application to just work and don't bother me with the
details thankyouverymuch. Never mind the ISPs that knowingly give
electronic Petri dishes direct connectivity to the 'net, without even a
modicum of blocking/filtering/what-have-you.
This is complicated by Certain Vendors who proclaim that sophisticated
computing environments can be capably managed by somebody who's taken a
short course or read a few books, and a point-n-drool GUI.
The results are predictable. Virus'/worms/Trojans run amok. Email
delivery is unreliable. Major corporations regularly find their
internal network paralyzed. And on and on.
Oddly enough: The people "victimized" by all this exhibit all the signs
of insanity: They keep doing the same thing and expecting different
results.
You're not "weird," Marcus. It's the rest of 'em that're weird. I'm
reminded of this:
"If fifty million people say a stupid thing,
it is still a stupid thing." - Anatole France
Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Aug 21 2006
Intro
