Great Circle Associates Firewalls
(April 1995)
 


Subject: Re: TRUST US
From: "Bryan D. Boyle" <bdboyle @ maverick . erenj . com>
Date: Fri, 28 Apr 1995 08:09:52 -0400
To: amolitor @ anubis . network . com (Andrew Molitor)
Cc: firewalls @ greatcircle . com
In-reply-to: amolitor @ anubis . network . com (Andrew Molitor) "Re: TRUST US" (Apr 27, 8:06pm)
Posted-date: Fri, 28 Apr 1995 08:09:52 -0400
References: <9504280106 . AA26135 @ anubis . network . com>

On Apr 27,  8:06pm, Andrew Molitor wrote:
> Subject: Re: TRUST US
> 	Here's a simple quick question, the answer to which will vary
> from person to person. Why do you want the source for your security tools?
>
> 	Do you actually have time to do a proper inspection of the code? Is
> it because documentation is always terrible, and if you have the source, you
> can at least fall back on it? Is it so you can tinker with it? Some other
> reason?

Because, if you are going to protect the network of a company that generates
income and has located on it the family jewels, you damn well better do a
proper inspection of the code, the machines, the cabling, the room it is
located in, the room access procedures, the training of the operations folks
(if any),
and anything else that has to do with protection.  If you don't have the time
or the skills to do it well, then perhaps you should not be doing it.

>
> 	It's become axiomatic that you must have the source, just like
> it's axiomatic that gcc is pretty much the best compiler out there, and
> the client-server model is really the right way to do most anything. Just
> because it's axiomatic doesn't make it false, but I'd like to understand
> why it's true.

Well, one, it keeps the wannabees busy learning about security and perimeter
defense while the rest of us are busy protecting the networks we manage.
Second, it places the responsibility for network protection in the hands of
the network manager and security types, where it belongs, rather than in the
hands of some vendor marketing department or ex-foreign nation security service
factotums, and third, if it is available, why would you NOT want to know the
gory details.  I don't know about you, but this perimeter defense is too
important to leave to the johnny-come-latelies and other self-proclaimed
'experts' that suddenly have appeared on the scene.


-- 
Bryan D. Boyle           |The Moving Finger writes,and having writ, moves on.
#include <disclaimer>    |Nor all your Piety nor Wit can call it back to cancel
EMAIL: bdboyle @ erenj . com |Half a line, or all your tears wash out a Word of it.
--------------http://www.access.digex.net/~bdboyle/index.html---------------


