On 8/4/24 11:07, Daniel M Gessel wrote:
people will try to isolate trusted networks from the untrusted outside world;

And I assert that it is usually a bad design to pretend that "trusted networks" are worthy of trust. That's not paranoid enough.

any such scheme is called a "firewall".

Because I don't think such a scheme is paranoid enough…is why I don't like firewalls.

Again, I have *no* objection to firewalls as an *extra* layer of protection, but they are seldom used that way.


Steve Litt <sl...@troubleshooters.com> wrote:

I wouldn't be caught dead plugging a computer into the Internet without
a firewall in between.

Which I take to mean your firewall is not merely an extra layer of protection, otherwise being without it would not be so terrifying.


Rich Pieri <richard.pi...@gmail.com> wrote:

First, the original quote is, "[t]he worst enemy of security is
complexity."

Okay.

And I am quoting Peter Gutmann, circa now. I like his version better.

A corollary is that just because *you* don't understand it doesn't mean
that the people who do understand it are unable to keep it secure.

There are multiple cybersecurity firms out there making good money helping companies try to figure out what they are running, because those companies don't know. If they are building systems that need to pay for an external service to tell them what they have, then I'm not the only one who is too stupid to understand. Or…maybe they are too complex.

Oh, and by giving the external service access to their internal systems they have made their total system *more* complex. They have a problem of too much complexity, and to make it better they make it more complex. Fun!

Do companies even know what all external commercial services they are using and have given access to? I suppose they could ask accounting who they are paying that might therefore have access to their internal systems. (Has accounting been outsourced?)

Maybe time to start an ESIaaS (External Service Identification as a Service) company.


Clearly the world mostly disagrees with me, I know that. Clearly there are plenty of those folk here. Firewalls and "trusted networks" have three decades of "that's how we do things" behind them. Why would anything I say make any difference against such tradition? (Computer people think the industry is about innovation, and it is, but it is also deeply traditional.)

And of course all of this is theoretical, just my making noise about a non-problem. Our computer systems are secure. It's not like there are breaks happening. And certainly not bad enough that they might ever make the news.

No bad news is one indication of no problem.


-kb

_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss
