Great Circle Associates Firewalls
(March 1995)
 


Subject: Re: A "real" security expert
From: pnh1rgr @ mclo10 . med . navy . mil (Bob Resino)
Date: Fri, 31 Mar 1995 08:07:53 -0500
To: "Frank Byrum" <byrum @ vbv . dec . com>
Cc: firewalls @ greatcircle . com

Bob writes:
>
>Darren writes:
>>>
>>>
>>> Marcus wrote:
>>> >Marcus,
>>>
>>> >>
>>> >>    None of the (real) security experts I know say that split
>>> >> DNS is important. See some of my previous postings in the archives
>>> >> for more detailed explanations of why split DNS doesn't buy you
>>> >> anything but a few warm fuzzies.
>>> >>
>>>
>>> Ken Lee wrote:
>>>
>>> >What is it that makes someone a "real" security expert?
>                                    ^ so there are imaginary ones?
>   BTW, I think that the word "expert" is way overused...
                                ^^^^^^^^^    
                                An "EX" is a Has-been and
                                a "sPert" is just a drip under pressure.

>>>
>>> >Ken Lee
>>>
>>> John writes:
>>> "It's someone who knows where to get the expertise, how to apply it, and what
>>> to charge for it".
>>
>>Really ?  I could have sworn that two `security experts' were just about
>>to give away a tool which will probably do more than many so called experts
>>do (assuming that such exist).
>>
>>Only if you're very paranoid would you worry about split DNS (and then
>>you need to do a fair amount more work to ensure it stays that way).
>>
>>If you're properly firewalled and your internal security is as good as
>>your firewalls, then I can't see why it would be useful...you're hiding
>>hostnames that are never going to be of use to anyone breaking into your
>>system from beyond the firewall.
>
>Yes this is true...unless they can break into your firewall and then it
>gets real easy to get those internal names...
>
>It is true the split DNS is only a warm fuzzy...and is not "real
>security"...more like obscurity...but people like it...  Many security
>officers at companies like the idea and it looks a lot like their corp
>policy...  But we all know that names leak out in all sorts of ways
>... not just through the DNS...  I don't think that doing a split DNS
>hurts the actual security of a site and once it is set up it is not that
>hard to maintain...  But I do think that it is a disservice to tell
>someone that a Split DNS stops all name leaking...this just is not true...
>
>Frank
>
>
---------------------------------------------------------------
Bob Resino     pnh1rgr @ pnh10 . med . navy . mil     (804)398-7400
Healthcare Support Office
Medical Construction Liaison Department   Fax:(804)398-7265
Management Information / Data-telecommunications Div (Code 55)
6500 Hampton Blvd               "To be or not to be...
Norfolk, VA  23707              What was the question ?"  

