[Dshield] raptor vs. netscreen

Johannes B. Ullrich jullrich at sans.org
Thu Mar 7 22:46:50 GMT 2002

Tough choice... However, this may be a case to go back to the basics of 
security. Most notably the 'CIA' principle (Confidentiality, Integrity, 
Availability). Like many three-word slogans, the last one usually gets 
dropped first. 

In my opinion, having a firewall does no good if I can't access important 
services. I can do the same thing getting a $5 pair of scissors and I can 
save the big bucks I spent for the firewall. So in my opinion: Switch the 
function off that prevents you from sending/receiving email, or just dump 
the box back at the vendor.

Just as another philosophy note: Think about security like you think about 
brakes in your car. You have them to drive fast safely, not to prevent you 
from driving fast. So whenever you implement a security feature, think 
about which business function it is supporting.

-------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System