Re: Operational Issues: Applications & Appliances (was: Buffer

From: Scott Zimmerman (scottat_private)
Date: Wed Nov 24 1999 - 04:00:28 PST


    On Tue, 23 Nov 1999, Crispin Cowan wrote:
    
    > I agree that configuration and operational issues are a hard problem to solve.
    > In general, I don't know how to solve them.  My (crass commercial) solution is
    > that folks who don't really know what they're doing should buy appliances
    
    I firmly agree and I'm not even selling anything. <g>  The problem here
    lies in that many work users have systems at home and see no difference
    between the complete control of their home machines and what they think
    should be their complete control of their work machines.  I worked in a
    rather large computing facility earlier this year where we were using
    NetApp filers for central storage.  Users vehemently resented the multi-GB
    quotas and complained by saying "I have a 20GB drive at home, why can't I
    have one here?"  If appliances are put on the desktops instead of real
    standalone-capable machines, the appliance might be a sufficiently
    different animal that the users may not be as tempted to make comparisons
    to their home systems.  (I'm speaking generally about PC folks here.)
    
    > I'm rather amazed at the existence of the firewall *application* market, where
    > you buy a firewall product and install it on one of your server machines.  How
    > can such an application install take a pre-installed machine from an unknown
    > state to a secure state?
    
    These applications help to solve a non-technical problem:  liability.  If
    ABC Corp. installs a Double-Widget(tm) firewall then they can demonstrate
    that they practiced 'due diligence' and made a 'good faith' effort to
    secure the corporate assets;  the darn software vendor must be at fault if
    there is a malicious intrusion.  The technical issues are sufficiently
    obfuscated that the company probably won't be blamed [by the shareholders,
    etc.] for the lax security:  it will now be [in their eyes] the vendor's
    fault.  Sadly, it seems that covering one's own ass[ets] is functionally
    equivalent to actually practicing real security without all that nasty
    work and expense.
    
    Cheers,
    
    Scott
    scott(a)earth.nexus.net
    


