Thursday, August 30, 2007

firewall-wizards Digest, Vol 16, Issue 20

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: IPv6 support in firewalls (ArkanoiD)
2. Re: IPv6 support in firewalls (Paul D. Robertson)
3. Re: IPv6 support in firewalls (ArkanoiD)


----------------------------------------------------------------------

Message: 1
Date: Wed, 29 Aug 2007 20:26:08 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] IPv6 support in firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20070829162608.GA17031@eltex.net>
Content-Type: text/plain; charset=us-ascii

Yes. Most people need Google Documents and Ajax. Actually using Google Documents
is safer than installing local "Office" pack.

On Tue, Aug 28, 2007 at 01:16:20PM -0700, Darren.Reed@Sun.COM wrote:
>
> disabling java, active-x and javascript goes a long way to defeating
> most things that attack windows boxen.
>
> downside is you might as well be using lynx to browse the web!

------------------------------

Message: 2
Date: Wed, 29 Aug 2007 12:29:26 -0400 (EDT)
From: "Paul D. Robertson" <paul@compuwar.net>
Subject: Re: [fw-wiz] IPv6 support in firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <Pine.LNX.4.44.0708291225050.32408-100000@bat.clueby4.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 29 Aug 2007, ArkanoiD wrote:

> Yes. Most people need Google Documents and Ajax. Actually using Google Documents
> is safer than installing local "Office" pack.

That depends heavily on your trust model, document propagation risk and
how valuable the documents themselves are. I'd like to see your strategy
for document protection and recovery from Google Docs for a just-laid-off
employee. I'd like to see you stop them from "sharing" a copy of the
document with themselves at home... While it's not easy to do, you *can*
build an environment where a local office package keeps the documents in a
reasonably controlled environment where employees can't e-mail them
directly, dump them to removable media, etc.

Put the documents on a Web site accessible from anywhere on the planet
with reusable credentials and you pretty-much kill the idea of document
control at all, let alone keeping the honest people honest or a credential
exposure from providing the whole farm instead of just a pig.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."

http://www.fluiditgroup.com/blog/pdr/

------------------------------

Message: 3
Date: Wed, 29 Aug 2007 21:01:19 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] IPv6 support in firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20070829170118.GA12129@eltex.net>
Content-Type: text/plain; charset=us-ascii

Sure this applies to "receiving documents from outside" case only,
not for internal document flow. BTW, back to the firewalls: are there
any reasonable "whitelists" of sites that use JS, really do need it to
work properly and known to behave well? Looks like every organization
deploying scripting languages control on the firewall creates one
from the scratch, which may be quite long process. I guess there
should be some "annotated template"?

On Wed, Aug 29, 2007 at 12:29:26PM -0400, Paul D. Robertson wrote:
>
> > Yes. Most people need Google Documents and Ajax. Actually using Google Documents
> > is safer than installing local "Office" pack.
>
> That depends heavily on your trust model, document propagation risk and
> how valuable the documents themselves are. I'd like to see your strategy
> for document protection and recovery from Google Docs for a just-laid-off
> employee. I'd like to see you stop them from "sharing" a copy of the
> document with themselves at home... While it's not easy to do, you *can*
> build an environment where a local office package keeps the documents in a
> reasonably controlled environment where employees can't e-mail them
> directly, dump them to removable media, etc.
>
> Put the documents on a Web site accessible from anywhere on the planet
> with reusable credentials and you pretty-much kill the idea of document
> control at all, let alone keeping the honest people honest or a credential
> exposure from providing the whole farm instead of just a pig.

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 16, Issue 20
************************************************

No comments:

Post a Comment