[Dshield] The internet -- testing platform, or production environment?

Ed Truitt ed.truitt at etee2k.net
Wed Oct 30 13:57:01 GMT 2002


While you make some good points, it appears as if you are saying "in order
for me to be safe, I must be able to totally control what you can / cannot
do" - in effect, turning the Internet from a village governed by a form of
anarchy into a fascist police state.  The company I work for has very
stringent rules for putting anything on their networks - in some cases, even
portions of their networks are isolated from others.  What software you can
install on a PC is very carefully controlled.  Well, I for one don't want to
have to abide by those same policies at home, just so my company (or yours,
for that matter) feels a little more comfortable.

I see this whole debate not in terms of a highway, rather in terms of land
use.  Someone builds an airport, then a decade later people decide to build
houses on the perimeter of the airport, then they decide to sue the airport
and control its operations, because those darn airplanes are just too noisy.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: <KeithTarrant at spamcop.net>
To: <list at dshield.org>
Sent: Tuesday, October 29, 2002 5:59 PM
Subject: [Dshield] The internet -- testing platform, or production
environment?


> 1.  Academia and ISPs just don't understand the scope of the problem.  The
> outstanding issue isn't the security of the system I have full control
> over.
>
> In production, you need a safe environment for the sites connecting to
> you.  In banking, for example, it does no good if my banking system is
> totally secure if my customer has a trojan keystroke logger.  In B2B, it
> does no good if my system is totally secure but my supplier has been
> cracked.  In retail, as a customer, it does no good if my PC is totally
> secure but Land's End's server is wide open.
>
> Think about it and you'll see this is your problem too.  For the systems
> that are open to them, it is pretty usually true that you are only as
> secure as the computers your student's and staff have at home.
>
[snip]




More information about the list mailing list