Search This Blog

Saturday, May 02, 2009

firewall-wizards Digest, Vol 37, Issue 3

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Email Scams, Telemarketing, and Identity Theft
(Bruce B. Platt)
2. Re: State of security technology for the enterprise (Chris Hughes)


----------------------------------------------------------------------

Message: 1
Date: Fri, 01 May 2009 10:35:56 -0400
From: "Bruce B. Platt" <bruce@ei3.com>
Subject: Re: [fw-wiz] Email Scams, Telemarketing, and Identity Theft
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <49FB08CC.5060405@ei3.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

Well, After Sam's post I received a phone call from an anonymous caller
who told me that I was pre-approved for a car loan as a result of my
web-form submission. A submission I never made.

I reviewed my credit report activity the next day, and have been since.
All kinds of business opportunities blossom as a result of such scams.
My bank makes some more money by offering me a very inexpensive credit
monitoring service, and presumably the three Agencies get a share. So,
I wonder who is hiring the "captcha" readers and how much this is costing.


Marcus J. Ranum wrote:
> The answer is, "of course not!" It's not paranoia
> if you've ALREADY got a brain-leech installed in you
> and the orbital mind control lasers are making you
> dance like a puppet.
>
> mjr.
After I hung up the telemarketer call, I quickly covered my head with
shaving cream. As any self-respecting Psychologist knows, such coverage
used to be a standard method of defeating mind-control. YMMV :-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: bruce.vcf
Type: text/x-vcard
Size: 257 bytes
Desc: not available
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20090501/fb17eca5/attachment-0001.bin>

------------------------------

Message: 2
Date: Fri, 1 May 2009 10:47:32 -0400
From: "Chris Hughes" <chughes@l8c.com>
Subject: Re: [fw-wiz] State of security technology for the enterprise
To: <firewall-wizards@listserv.icsalabs.com>
Message-ID: <DD89F4F7A6834DCAB8BB39A8AFFFACA4@Acer>
Content-Type: text/plain; charset="us-ascii"

In thinking about it I guess the reluctance is based more on management
being concerned that if I architect an open source solution and leave, there
will be a smaller pool of people to choose from to support it going forward.
Because I am a staff of one for security, there is also the fear that if I
am out and someone needs to "take a look" or respond to a problem, there is
no easy support to call. In these lean times they refuse to hire extra
personnel. Anyhow, I am willing to consider open source solutions where
they fit.

Good info on DPI, thanks. This is the kind of information I'm looking for.
I am not currently using a proxy and had planned on buying BlueCoat last
year for use both as a proxy and decryption/re-encryption of SSL for
inspection. Then I was forced to spend the $$ on a new SAN. This is one
piece I wanted in place this year.

----------------------------------------------

Date: Thu, 30 Apr 2009 17:06:52 -0400 (EDT)

From: "Paul D. Robertson" <paul@compuwar.net>

Subject: Re: [fw-wiz] State of security technology for the enterprise

To: Firewall Wizards Security Mailing List

<firewall-wizards@listserv.icsalabs.com>

Message-ID: <Pine.LNX.4.44.0904301656590.4359-100000@bat.clueby4.org>

Content-Type: TEXT/Plain; charset=US-ASCII

On Thu, 30 Apr 2009, Chris Hughes wrote:

> "mainstream" as missing the mark. The problem is, on an enterprise

> level, most companies are not willing to look at open source solutions

> or vendors they have never heard of. They want brand names that can

> be supported by a wide audience of engineers.

I've never seen that level of reluctance at any large enterprise I've worked
or consulted for. In fact, in these economic times, "it's free" is a lot
more palatable than "you need to spend $10,000." I'd gently suggest that
the security "sale" for the requirement isn't being done well enough if you
can't choose best of breed open source tools- especially if the argument is
"wide audeience of engineers." If your "wide audience" is that narrowly
focused, then I'd suggest removing the term "engineer" from their titles and
substituting "monkeys!"

> My purpose was not to offend you or become viewed as ignorant. My

> purpose is to solicit opinions on these technologies which appear to

> me and the folks I deal with as "new". I will look at IBM's offering as
you suggest.

"Deep packet inspection" has been on the market as such for a number of
years as the challengers to "stateful packet inspection" looked for their
own marketing term. The "problem" with DPI is that to do it right, you
basically have to mimic the fragmentation, ordering and reassembly of an IP
stack, then know what to look for as "bad"- by the time you've written all
of that, you may as well have written a real proxy where you know the
effects of that and you've got a mature implementation that's been in the
field for years- so the code bugs are hopefully already addressed. We've
all seen how well proxies adapted to "new" stuff, and DPI has had the same
set of issues- the problem isn't so much the buzzword as the amount of work
necessary to do a good job coupled with the brain-deadedness of most
application protocols (security is not addressed in this document...)

Paul

----------------------------------------------------------------------------
-

Paul D. Robertson "My statements in this message are personal opinions

paul@compuwar.net which may have no basis whatsoever in fact."

Moderator: Firewall-Wizards mailing list

Art: http://PaulDRobertson.imagekind.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20090501/89b1eb87/attachment-0001.html>

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 37, Issue 3
***********************************************

No comments: