> Perimeter security is brittle, inflexible, complex security. You have to
> have understanding of the semantics of an application at the perimeter to
> check whether the operation is allowed - which is bad so many ways I don't
> feel like listing them all.

It is only useful in my view if you have a human expert monitoring the firewall 24x365. That is what we do as a managed service. But you also need all the intrusion detection, patch management etc. I would like to go deeper into the corporate nets, but the customers rarely let this happen.

> Generalize to all security problems caused by bugs in applications. And
> there are lots and lots and lots of lines of code to find bugs in.... Yes,
> the bad guys aren't using that technique at the moment - because they don't
> have to. When the easier holes get plugged, they will.)

In a conventional installation there are twin firewalls and the mail server, along with all the other external services, is situated in the DMZ in between. It is not proof perfect of course, people keep knocking holes in the perimeter, and don't get me started on viruses. But we can usually detect when a machine on the internal network has been zombified and shut it down. To make it work well you need to have network-wide information. We combine information from all our NOCs and SOCs so that we can be proactive. The firewall by itself does not provide much value.

> The CS community *was* on the right track for the real solution - about
> thirty years ago, with Multics' AIM boxes. We made a bad mistake when we
> saw workstations as "personal machines, so we don't need any of that
> security stuff".

I would like to put protocol enforcement modules into hubs. I like the idea of separating network security into a different device to the workstation - gives a much more secure trusted computing base.

> As soon as you connect your "personal" machine up to a network, and start
> interacting in any but the most basic ways, it's not "personal" any more.
> Hell, we should have learned that lesson from floppy viruses.

Yep, it is really funny hearing the Mac guys smugly saying that there are no viruses on Mac...

> And don't get me started on the ignorance/cupidity/stupidity/arrogance/etc
> of certain software companies who distributed applications which basically
> downloaded arbitrary chunks of code from the network and ran it...

Hey, they were signed chunks of code! Actually the problems we have had from ActiveX and Java are considerably less than from JavaScript and, worst of all, click-to-execute malicious code in email. If you are going to launch applications, Windows had all the machinery built in from day one to do it safely. You create a subprocess and remove the privs necessary to attack the host machine. And just why do we allow untrusted code to modify the O/S boot path?

The spammers are not sending out viruses, they are blasting out spam that contains a trojan. No need to bother reading address books any more!

Phill
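The message above argues for launching untrusted code in a subprocess with the privileges needed to harm the host removed. The following is an added example, not part of Phill's message and not Windows restricted-token code: it shows the same idea on a POSIX system using Python, where the parent applies resource limits (and, when running as root, drops to an unprivileged uid) in the child between fork and exec. The uid/gid 65534 and the constructed "dropper" payload that tries to write a 4 KiB file are assumptions chosen for the demonstration.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Hypothetical unprivileged uid/gid to switch to when the launcher is root
# (65534 is "nobody" on many Linux systems; an assumption, not from the page).
UNPRIVILEGED_UID = 65534
UNPRIVILEGED_GID = 65534


def _restrict_child() -> None:
    """Runs in the child between fork() and exec(): strip what a payload could abuse."""
    # No file may grow past 0 bytes, so any write to a regular file fails with
    # EFBIG (CPython ignores SIGXFSZ, so the write raises instead of killing).
    # The payload therefore cannot drop files on disk.
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))
    # Bound CPU time so a runaway payload cannot pin the host.
    resource.setrlimit(resource.RLIMIT_CPU, (5, 5))
    # Only meaningful when the launcher itself is root: become an unprivileged user.
    if os.geteuid() == 0:
        os.setgroups([])
        os.setgid(UNPRIVILEGED_GID)
        os.setuid(UNPRIVILEGED_UID)


def run_payload(code: str, restricted: bool) -> subprocess.CompletedProcess:
    """Execute a Python snippet in a fresh interpreter, optionally with privileges removed."""
    return subprocess.run(
        [sys.executable, "-c", code],
        preexec_fn=_restrict_child if restricted else None,
        stdin=subprocess.DEVNULL,
        capture_output=True,
        text=True,
        timeout=30,
    )


def attempt_file_drop(restricted: bool) -> dict:
    """Constructed payload: try to write a 4 KiB file into a scratch directory.

    Returns the child's exit code and how many bytes actually reached disk, so the
    caller can compare the unrestricted and restricted runs.
    """
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "dropped.bin")
        payload = (
            f"with open({target!r}, 'wb') as f:\n"
            "    f.write(b'x' * 4096)\n"
        )
        proc = run_payload(payload, restricted)
        written = os.path.getsize(target) if os.path.exists(target) else 0
        return {"returncode": proc.returncode, "bytes_written": written}


if __name__ == "__main__":
    print("unrestricted:", attempt_file_drop(restricted=False))
    print("restricted:  ", attempt_file_drop(restricted=True))
```

Run stand-alone, the unrestricted child exits 0 having written 4096 bytes, while the restricted child fails on the write and leaves nothing on disk. The limits are inherited across exec and cannot be raised by the child because the hard limit is lowered too, which is the property that makes the parent, rather than the payload, the trusted party.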