| 1 |
Sjan Evardsson wrote: |
| 2 |
> Brian, |
| 3 |
> |
| 4 |
> Once you start using scripts to write to automate firewall rules you |
| 5 |
> give the hackers control of your firewall. |
| 6 |
|
| 7 |
Yes, but is this necessarily a bad thing? I'm not convinced this is |
| 8 |
necessarily problematic. It takes a reactive defense step, hopefully |
| 9 |
mitigating damage before things get too far lost. The risks may well be |
| 10 |
acceptable in some environments. |
| 11 |
|
| 12 |
There's an awful lot of "intrusion prevention" or "active response IDS" |
| 13 |
[and insert your favorite en-vogue terminology] out there in the market, |
| 14 |
and people buy it. The real question is what are the goals, the |
| 15 |
acceptable losses, and the actual assessment of what risks are involved. |
| 16 |
What Brian's talking about is a host-based network "hostility" |
| 17 |
detector with an active response. |
| 18 |
|
| 19 |
I am currently testing some code that does this (and, no, it's not ready |
| 20 |
for release or for production).. but the reason it's written is not to |
| 21 |
solve the general problem. Rather, it's addressing a very limited |
| 22 |
subset of problems, based entirely on what the defensive stance is and |
| 23 |
needs to be to accomplish business goals. |
| 24 |
|
| 25 |
THAT'S what you really need to take to your senior management... and |
| 26 |
that's how you get funding. How do I know? Before I started my |
| 27 |
company, I was the management that people were talking to for this kind |
| 28 |
of thing for a very large entity. And, by the way, I raised more than |
| 29 |
twice my salary in actual new funds while I was there, plus savings due |
| 30 |
to security measures. Security is only there to protect business value, |
| 31 |
mitigate risks, and ensure that any losses are actually acceptable to |
| 32 |
the business. |
| 33 |
|
| 34 |
-Bill |
| 35 |
-- |
| 36 |
William Yang |
| 37 |
wyang@××××.net |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-security@g.o mailing list |
Archives