[Dshield] "Personal Firewalls" are mostly snake-oil?

Russell Washington russ.washington at vaultsentry.com
Wed Jul 24 15:07:38 GMT 2002


Ok, I had to respond to this:

*** Users can be educated gradually if the solution is innovative enough.
According to my experience ZA and ZAPro are innovative products with
innovative GUIs. ***

"Gradual" and "security" are mutually exclusive in any context that means
anything in systems or network administration.  For end-users whose most
valuable data are the pics they shot of their wives in their skivvies, fine.
For securing a business entity, this kind of thinking will, and should, get
you fired.  No, you can't get everything done immediately, but to bet your
security on the learning curve of Joe User is complete and utter insanity.
Anyone who thinks like this needs a serious education, fast, if they're
going to run in informed circles.

I don't mean to flame, it's the reasoning, not the poster, that ticks me
off... I have way too many clients who think this way and want to make the
vendor (me) responsible when someone waltzes through their "gradual"
approach into a supposedly-secure server.  Security under this kind of
thinking isn't security at all.

