Amen to the below statements and now can we get on with anything else?
We have beat this horse to death**** firewalls stop bad guys. Carry
on please with firewall related discussion. Are we civilized or what??
______________________________ Reply Separator _________________________________
Subject: FW: Hacker Site List?
Author: FIREWALLSOWNER (EMAIL.FIREWALL) at SSWGATE
Date: 8/25/94 2:25 PM
To put my two cents in here, I agree with this posting. Security is a
dynamic cat and mouse game where the attackers stand a good chance of
winning and the best a administrator can do is break even. Creating such a
list is also impossible ( unless you have nothing to do with your time).
Each organization must evaluate their security requirements and then take
action to plug the holes, not rely on some list to give them security. Use
a firewall.
----------
From: firewalls-owner
To: firewalls
Subject: Re: Hacker Site List?
Date: Thursday, August 25, 1994 12:44AM
I'd like to know who's like "serious" about the list, as it seems like a
pretty silly
idea & I'd prefer to know who would think this was a "serious tool" before I
ran into them on the net. Not only that knowing who "used" it would allow
me to lock out the sites that did. -everywhere I could.
It comes across as lazy, ill consided, rude, and totaly contrary to the
spirit
that the net is built on. Not to mention flat out ignorant.
Lazy because it's a rather lame way to blindly deal with a potential
problem,
and requires no thought, no work, and no real knowledge.
Rude because it's just _damned_ inconsiderate to condem an entire domain out
of hand, with no consideration for the site whatsoever. OR for the problems
a
site might be having and be unaware of. ("Gee I didn't know I had a problem
because no one told me untill I ended up finding out I was on the shitlist")
Ill consided because WHO DECIDES? Someone stupid enough to think that
joe newluser who doesn't understand the net and tries to go where he's not
wanted just because he doesns't know better is a "serious security threat"
or
some kid with a sendmail script decides to try it on a number of hosts is a
"major incident" that somehow makes a site or domain worthy of shitlisting?
Or someone who is so far beyond YOUR PROBLEMS in their solutions and
experience that they consider what you struggle with to be trivial?
Contrary to the spirit of the net becasue it just IS. This thing wasnt' put
together to
randomly shut it off. The net is based on TRUST in case people are
forgetting, or no
one ever told them. I don't mean "I trust your host implicitly" but rather
I trust the domain administrator, network provider, or site administrator to
care
enough about being connected to the net and other people on the net to DO
somthing if
there is a problem at a site they are responsible for, and to TELL ME IF I
HAVE A
PROBLEM.
Ignorant because if this is one of the better things you would do you
probably ought
not to be on the net. Running a site on the net comes with some obligation
to
your
fellowman, and doing something positive to deal with a problem, instead of
acting in a
negative and destructive manner. (can we say denial of service attack?)
I thought that firewalls were about dealing with security needs (not
problems, but
needs, the 2 are different), in such a manner as to be able to maximize the
amount of
connectivity that is possible for a site while still meeting the needs of
privacy &
administration. Unless that understanding is grossly inaccurate, I can NOT
see how
this proposition is appropriate for this list, as it is completly
anti-connective using an
net-centric (or "everyone else but me") mode of action and policy model, as
opposed
to a more traditional site-centric (or "what can *I* do to) mode of action
and policy
model.
Discussions about blacklisting and institutionalized denial of service have
no place in
a discussion about firewalls.
Tim Scanlon
|
|
