RE: Fw: [ISN] Firewalls a dangerous distraction says expert

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Jul 2005 10:13:39 -0500

Hi Jim,
Absolutely. The firewall is part of a comprehensive defense in depth
architecture. But what this guy is saying is that you don't need a door, a
lock, a fence, a dog or a scarecrow to protect your home. Just keep a gun
under your pillow and hope you get him before he gets you :)

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Friday, July 08, 2005 10:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Fw: [ISN] Firewalls a dangerous distraction says
expert

http://www.ISAserver.org

I hate to say so, but there is some truth to his statements.
How many times have we heard the cry of "why can't ISA protect me from
an internal virus attack?"

Granted, we've brought this on ourselves by:
1. responding to every user who says "do it for me" with one weirdzard
or another
2. marketing products as if they're the be-all, end-all of your security
technique

The fact is (and I know most of you will agree) that what he should have
said is "ok - use a firewall if you want, but don't stop there!"

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Friday, July 08, 2005 07:44
To: [ISAserver.org Discussion List]
Subject: [isalist] Fw: [ISN] Firewalls a dangerous distraction says
expert

http://www.ISAserver.org

Great.  Just what we needed-- a "security researcher" at the SDSC telling us
that firewalls are a "dangerous distraction."

Ra, Ra, Ra.

t


----- Original Message ----- 
From: "InfoSec News" <isn@xxxxxxx>
To: <isn@xxxxxxxxxxxxx>
Sent: Friday, July 08, 2005 1:21 AM
Subject: [ISN] Firewalls a dangerous distraction says expert


> http://www.techworld.com/security/news/index.cfm?NewsID=3992
>
> By Rodney Gedda
> Computerworld Australia
> 07 July 2005
>
> A preoccupation with firewalls is diverting attention and resources
> away from the more important issue of locking systems down, according
> to an expert.
>
> Computer security researcher at the San Diego Supercomputing Center
> (SDSC), Abe Singer said companies can spend 90 percent of their
> security efforts on firewalls and not much of anything else. "I'm not
> saying firewalls are completely irrelevant, but how much effort do you
> spend on security?" Singer asked. "Do security at the host, not just
> the perimeter. You should be worried about what users are doing,
> because if an attacker is going through the perimeter [without secure
> hosts] then it's game over."
>
> Speaking at the Australian Unix and open systems user group (AUUG),
> Singer prides himself on the claim that the SDSC has gone four years
> without a root-level intrusion to its systems - without using a
> firewall. "At the SDSC we don't use a firewall, it's not feasible," he
> said. "Since we have to secure hosts individually if we had a firewall
> it would be so open it would be useless."
>
> Singer said there is a perception that a firewall is a must-have. He
> cited Visa's server requirements for online merchants which stated
> they must have a firewall, but did not specify any configuration
> details. "Too much of the security budget is being spent on firewalls
> which also get too much attention [and] it's also 'cool' to have a new
> firewall to play with," he said, adding that other appliances like
> intrusion detection and prevention systems are an extension of the
> same idea.
>
> "People are attracted to the idea that security can be bought [and]
> it's hard to differentiate between marketing hype and reality," he
> said. "We have a known 'good' config and when we find something is bad
> it's consistently fixed."
>
> Singer is adamant that intrusion will not be stopped by a firewall and
> attackers have used Trojan SSH clients to steal user names and
> passwords. Other practices Singer recommends include not running
> services you don't need, for example, services that are only required
> internally don't need to be external.
>
> "You really need to think through your processes [and] relying on a
> firewall means you're probably doing security wrong," he said.
> "Surveys have shown that 60 percent of security breaches are internal
> but 70 percent of people are worried about hackers on the outside.
> Internal breaches are worse, because someone has a level of access and
> knows where the assets are. If an attacker was really looking at
> compromising a company's assets he or she would get a job in the mail
> room."
>


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


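Singer's host-level advice in the quoted article (don't run services you don't need, and keep internal-only services off external interfaces) as a concrete check, added here and not part of the thread: it parses `ss -tlnp` output (the sample is constructed) and flags listeners bound beyond loopback whose process is not on a hypothetical allowlist of services meant to face the network.

```python
"""Flag listening services exposed beyond loopback (added illustration, not from the thread).

Input is the text of `ss -tlnp` on Linux; the sample below is constructed.
"""
import re
from dataclasses import dataclass

SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=955,fd=21))
LISTEN 0      511    0.0.0.0:5432        0.0.0.0:*         users:(("postgres",pid=1002,fd=5))
LISTEN 0      511    [::]:80             [::]:*            users:(("nginx",pid=1100,fd=6))
LISTEN 0      128    10.0.0.5:9100       0.0.0.0:*         users:(("node_exporter",pid=1200,fd=3))
"""

# Services that are meant to be reachable from other hosts (hypothetical allowlist).
EXTERNAL_OK = {"sshd", "nginx"}

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}
WILDCARD = {"0.0.0.0", "*", "[::]"}


@dataclass(frozen=True)
class Listener:
    process: str
    address: str
    port: int


def parse_ss(text: str) -> list[Listener]:
    """Parse `ss -tlnp` output into Listener records; header and malformed lines are skipped."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")      # handles "[::]:80" as well as "1.2.3.4:22"
        m = re.search(r'\("([^"]+)"', fields[5])       # process name inside users:(("name",...))
        if not m or not port.isdigit():
            continue
        out.append(Listener(m.group(1), addr, int(port)))
    return out


def exposed_listeners(listeners, allow=EXTERNAL_OK):
    """Return listeners reachable from other hosts whose process is not on the allowlist."""
    return [l for l in listeners if l.address not in LOOPBACK and l.process not in allow]


if __name__ == "__main__":
    for l in exposed_listeners(parse_ss(SAMPLE_SS)):
        scope = "all interfaces" if l.address in WILDCARD else l.address
        print(f"{l.process} listens on port {l.port} ({scope}); bind to loopback or remove it")
```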