
Wednesday, July 02, 2014

firewall-wizards Digest, Vol 70, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Why Firewalls Are Uninteresting? (Árpád Magosányi)
2. Re: Why Firewalls Are Uninteresting? (Darden, Patrick)


----------------------------------------------------------------------

Message: 1
Date: Tue, 01 Jul 2014 08:02:41 +0200
From: Árpád Magosányi <mag@magwas.rulez.org>
Subject: [fw-wiz] Why Firewalls Are Uninteresting?
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <53B24F01.1060206@magwas.rulez.org>
Content-Type: text/plain; charset=ISO-8859-1

Okay, here is my 5 cents for popcorn :)

One of the core tasks of network perimeter defence is to keep the
structure of the network - hence the application architecture - in
shape, and provide information flow control on the macroarchitecture
level. This is what the Red Book is about, and the Red Book is the most
thoroughly forgotten piece of knowledge in IT security if not in IT as a
whole.

If you take a look at the Red Book - I mean the concepts. Do not get
distracted by the language or little details - you will find a whole
book with the title containing network, but talking about application
macroarchitecture and infrastructures. Big mistake? No and yes. No,
because macroarchitecture is what should (have been) define(d) network
structure. Yes, because there are no more than 3 people left (4 with you
now), who know where to look at knowledge about how to build secure
enterprise architecture.

So now we have network security, which should be treated at the very
first step of development - sketching macroarchitecture and enterprise
architectural guidelines -, usually treated at the last step "hey, we
have this host with some apps on it, please put it to the network
somehow", using equipment utterly unsuitable for the task (yes, stateful
packet filter vendors, I am pointing at you).

So some people went to other areas with more probability of success, the
most have died in boredom, and here we are who have left because we like
to do impossible missions with unsuitable tools.

Oh, wait, I am not even here. I do enterprise architecture, not network
security. Did I mention the Red Book yet?



------------------------------

Message: 2
Date: Wed, 2 Jul 2014 08:58:04 -0500
From: "Darden, Patrick" <Patrick.Darden@p66.com>
Subject: Re: [fw-wiz] Why Firewalls Are Uninteresting?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<74825E6950ECDE449817715200CEAD2703BA6EDA97@BRTEXMB76.phillips66.net>
Content-Type: text/plain; charset="iso-8859-1"

Part One of the Red book (Trusted Network Interpretation):
http://csrc.nist.gov/publications/secpubs/rainbow/tg005.txt

--Patrick Darden

-----Original Message-----
From: firewall-wizards-bounces@listserv.cybertrust.com [mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of Árpád Magosányi
Sent: Tuesday, July 01, 2014 1:03 AM
To: firewall-wizards@listserv.cybertrust.com
Subject: [EXTERNAL][fw-wiz] Why Firewalls Are Uninteresting?

Okay, here is my 5 cents for popcorn :)

One of the core tasks of network perimeter defence is to keep the structure of the network - hence the application architecture - in shape, and provide information flow control on the macroarchitecture level. This is what the Red Book is about, and the Red Book is the most thoroughly forgotten piece of knowledge in IT security if not in IT as a whole.

If you take a look at the Red Book - I mean the concepts. Do not get distracted by the language or little details - you will find a whole book with the title containing network, but talking about application macroarchitecture and infrastructures. Big mistake? No and yes. No, because macroarchitecture is what should (have been) define(d) network structure. Yes, because there are no more than 3 people left (4 with you now), who know where to look at knowledge about how to build secure enterprise architecture.

So now we have network security, which should be treated at the very first step of development - sketching macroarchitecture and enterprise architectural guidelines -, usually treated at the last step "hey, we have this host with some apps on it, please put it to the network somehow", using equipment utterly unsuitable for the task (yes, stateful packet filter vendors, I am pointing at you).

So some people went to other areas with more probability of success, the most have died in boredom, and here we are who have left because we like to do impossible missions with unsuitable tools.

Oh, wait, I am not even here. I do enterprise architecture, not network security. Did I mention the Red Book yet?


------------------------------


End of firewall-wizards Digest, Vol 70, Issue 2
***********************************************
