Re: firewall-wizards Digest, Vol 64, Issue 3 phishing
From: Dave Piscitello <dave () corecom com>
Date: Fri, 12 Apr 2013 10:33:15 +0200


I think your premise - that we are comfortable with this architecture
- is wrong, at least for this choir.

Your analog also only looks at one dimension of the problem space.

- the ship hull is compromised
- the pumps are working because someone thought to enable this
automation, and he's now serving on another ship
- much of the crew are not competent to deal with the crisis, and
don't have the time to fully assess the damage because they are
distracted by requests to solve far less critical issues so that other
of the ship's services remain in operation for the passengers
- the passengers pay no attention to the warnings, alarms, and have no
clue as to how to abandon ship

I suspect that few on this list are comfortable with this scene. The
pump is there for many because it's keeping the ship afloat while we
patch and re-think how to prevent future hull breaches. Part of
re-thinking is coming up with better monitoring (of hull integrity)
and AWS; part is raising competencies among crew, and part is raising
security awareness among passengers. All of these require the
captain's approval and the captain has to empower the officers.

On Thu, Apr 11, 2013 at 8:46 PM, Stephen P. Berry <spb () meshuggeneh net> wrote:
John Michealson writes:

Check Point's gateway based AV went cloud based last fall. It has over 6M
signatures. They also have AntiBot, which has hundreds of millions of IP
and hosts classified. They are reclassifying 50k sites/hosts a day with
their ThreatCloud, and ThreatEmulation is in EA. Their Application Control
has 4900 apps defined locally and 300K in the cloud. Combined with
education these are very effective tools.

Perhaps I just have a bad attitude, but I'm imagining a ship with a
great jagged hole below the water line and a very high output bilge
pump that's almost but not quite keeping up with the flooding.  The ship
doesn't sink -immediately-, and hey that is a pretty impressive pump.  But
I'm not sure that I'd say that the pump is a very effective tool, because
the task I'm actually concerned with isn't---or, I would argue shouldn't
be---pumping water out, which the pump does quite well, but rather with
keeping the ship seaworthy by keeping the water from getting in in the
first place, and the pump doesn't do that at all.

I'm not trying to badmouth Checkpoint here.  I'm sure their product is
wonderful for what it is.  But I find it distressing how comfortable
we've become with living with network architectures that are perpetually
in a state of failure.  That are designed failed.  You speak in glowing words
of the monumental efforts expended by Checkpoint.  But while I can admire
all that hard work, when I see a system that -needs- this sort of heroic
effort -on an ongoing basis- just to continue functioning, I see a system
that is fundamentally broken.

-spb

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com