Home page logo

nanog logo nanog mailing list archives

Re: So -- what did happen to Panix?
From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Thu, 26 Jan 2006 01:44:51 -0500

In message <Pine.LNX.4.64.0601260832510.15682 () netcore fi>, Pekka Savola writes:
On Thu, 26 Jan 2006, Valdis.Kletnieks () vt edu wrote:
In other words - what is the business case for deploying this proposed
solution?  I may be able to get things deployed at $WORK by arguing that
it's The Right Thing To Do, but at most shops an ROI calculation needs
to be attached to get movement....

Exactly.  If $OTHER_FOLKS don't deploy it, cases like Panix may not 
really be avoided.

I think that's what folks proposing perfect -- but practically 
undeployable -- security solutions are missing.

That is, of course, why I asked the question -- I'm trying to 
understand the actual failure modes and feasible fixes.  I agree that 
many of the solutions proposed thus far are hard to deploy; some 
colleagues and I are working on variants that we think are deployable.  
But we need data first.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]