Sjan Evardsson wrote:

> Brian,
>
> Once you start using scripts to write to automate firewall rules you
> give the hackers control of your firewall.

Yes, but is this necessarily a bad thing? I'm not convinced this is
necessarily problematic. It takes a reactive defense step, hopefully
mitigating damage before things get too far lost. The risks may well be
acceptable in some environments.

There's an awful lot of "intrusion prevention" or "active response IDS"
[and insert your favorite en-vogue terminology] out there in the market,
and people buy it. The real question is what are the goals, the
acceptable losses, and the actual assessment of what risks are involved.
What Brian's talking about is a host-based network "hostility"
detector with an active response.

I am currently testing some code that does this (and, no, it's not ready
for release or for production)... but the reason it's written is not to
solve the general problem. Rather, it's addressing a very limited
subset of problems, based entirely on what the defensive stance is and
needs to be to accomplish business goals.

THAT'S what you really need to take to your senior management... and
that's how you get funding. How do I know? Before I started my
company, I was the management that people were talking to for this kind
of thing for a very large entity. And, by the way, I raised more than
twice my salary in actual new funds while I was there, plus savings due
to security measures. Security is only there to protect business value,
mitigate risks, and ensure that any losses are actually acceptable to
the business.

-Bill
--
William Yang
wyang@××××.net

--
gentoo-security@g.o mailing list