At 10:39 1/04/98 -0500, Jody Patilla wrote:
>> I think the real problem is in the way the typical MIS manager seems
>> to view firewalls: one silver bullet that you buy, drop it in place,
>> and life is good. I realize not everyone is so naive, but in trying
>> to wear a consultant's hat for the first part of this year, I've come
>> to learn some _really_ scary things about the Real World.
>
> I refer to this as the Mojo Bag Theory of Firewall Purchase. The
> idea is that you buy one and just having it keeps away the evil eye. :-)
> (Burning incense in front of the firewall may or may not be a "best
> practice", depending on the particular shaman, er, consultant, that you
> call in to do the eval.)

I couldn't agree more. Further, I think one of the most alarming trends developing is the movement towards "shrink-wrap firewalls" - buy now pay later! If ever there was an item not to be bought off-the-shelf, it's security.

Maybe one day we will be able to use self-configuring f/w "..yessiree, just plug in your security policy here Mr Customer... you don't have one? Never mind - use our default virtual policy!". Sounds a bit like the beginnings of a very interesting 1 April prank...

But how do you convince the MIS Manager that 1) this is not a good approach, 2) you (the consultant) are not just holding the high intellectual ground to prevent them from such implementations and 3) IT security is not talismans and incense?

A firewall is not a means unto itself - it is only the proverbial tip of the (security) iceberg.

Regards,
Christopher

-----------------------------------------------------------------------------
Christopher Nicholls    chrisnat_private
~~~~~~~                 chrisnat_private
-----------------------------------------------------------------------------
m: 0411 454755
w: +61 2 6243 4834    h: +61 2 6241 2112
wf: +61 2 6243 4848   hf: +61 2 6241 8926
-----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:57 PDT