K.S. Bhaskar on 2 Aug 2017 10:00:15 -0700

Re: [PLUG] Firewall/security philosophy [was: SSH Hardening : Request for Best Practices]

Great rant. I read it over lunch. Thanks for sharing.

-- Bhaskar

On Wed, Aug 2, 2017 at 11:16 AM, Rich Kulawiec <rsk@gsp.org> wrote:

Yes, I'm following up on my own message.  No, I haven't lost it.  Yet.

I wanted to share a graph. It's from this brilliant essay/rant:

        The Six Dumbest Ideas in Computer Security

And it's here:


In the years since it was created, the red curve has become ever
steeper: that is, the ratio of legitimate traffic to hostile traffic
has grown and is growing and will keep growing.

Many people have responded to that by spending a fortune in money and
time trying to analyze and "filter" it.  The analysis is an interesting
exercise from a research perspective, and I've done quite a bit of it myself.
But from a practical standpoint, it's dumb...because after spending
all that money and time, and logging gigabytes of information, and pushing
it all through SIEM, and having analysts pore over it in excruciating
detail, you know what the final conclusion is?

It's that graph.  That I just showed you.  For free.  The one that
shows that to a pretty good first approximation, the entire Internet
is trying to attack you any way it can.  That's what it boils down to.

You're welcome. ;)

Which brings me to my point: why would you allow this when you can stop it?

Oh, sure, if you're one of the mega-operations with global reach,
you have to put up with this.  I've done work for some of those, so I
have a fair understanding of that kind of environment.  But "you",
for a large number of values of "you", are not one of those operations.
You do NOT need to put up with this.  So don't.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
