Comments on: Enough with the castles http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/ We are the people your IT department warned you about Sat, 13 Mar 2010 13:16:13 +0000 http://wordpress.org/?v=2.0.5 by: Ma petite parcelle d'Internet... http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-87845 Fri, 08 Jun 2007 07:29:04 +0000 http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-87845 <strong>De l'utilité des analogies...</strong> J'ai découvert, avec quelque retard imputable à ce véritable sabbat de la sécurité informatique qu'est le SSTIC, cet excellent article de Scott Granneman intitulé "Security Analogies". Il y discute de l'importance des analogies dans la sensi... De l’utilité des analogies…

J’ai découvert, avec quelque retard imputable à ce véritable sabbat de la sécurité informatique qu’est le SSTIC, cet excellent article de Scott Granneman intitulé “Security Analogies”. Il y discute de l’importance des analogies dans la sensi…

]]> by: Chandler Howell http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-6509 Sat, 13 May 2006 11:26:01 +0000 http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-6509 Hmm...corporate lawyers...I could go for them as cavalry. Mercenary, uncooperative, and usually useless calvary, but they're the closest thing I ever see to a counterattack. As to law enforcement, they're the guys in the next castle over who wave back at you when you try to get their attention and only want to talk when you can do something for them. Actually, automated reverse-scans are not much fun at all--it's automating the rare bit of malicious fun a white-hat can have when people are having a go at your network defenses. You can map them and fingerprint them, you just can't do anything more. Since we haven't had enough analogies...It's like blowing a raspberry from atop your castle wall and calling the attacker a "<a href="http://bau2.uibk.ac.at/sg/python/Sounds/HolyGrail.wav/kniggits.wav" rel="nofollow">Silly English K...kanigget</a>." Hmm…corporate lawyers…I could go for them as cavalry. Mercenary, uncooperative, and usually useless calvary, but they’re the closest thing I ever see to a counterattack.

As to law enforcement, they’re the guys in the next castle over who wave back at you when you try to get their attention and only want to talk when you can do something for them.

Actually, automated reverse-scans are not much fun at all–it’s automating the rare bit of malicious fun a white-hat can have when people are having a go at your network defenses. You can map them and fingerprint them, you just can’t do anything more. Since we haven’t had enough analogies…It’s like blowing a raspberry from atop your castle wall and calling the attacker a “Silly English K…kanigget.”

]]> by: Alex Hutton http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-6447 Fri, 12 May 2006 19:15:47 +0000 http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-6447 Any military analog is poor. Castles, especially because it's defenses can attack back. Our defenses, at best, are designed to mainly prevent, and/or detect. What response we do have occurs in a passive manner, more like a battlefield medic than a counter attack. It's not acceptable for example, for our IPS, when it finds a valid attack, to scan the attacker and perform an automated penetration (as fun as that might sound). This, from a strategic standpoint, is a very unenviable position. Any military analog is poor. Castles, especially because it’s defenses can attack back. Our defenses, at best, are designed to mainly prevent, and/or detect. What response we do have occurs in a passive manner, more like a battlefield medic than a counter attack. It’s not acceptable for example, for our IPS, when it finds a valid attack, to scan the attacker and perform an automated penetration (as fun as that might sound).

This, from a strategic standpoint, is a very unenviable position.

]]> by: Saso http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-6377 Fri, 12 May 2006 06:41:12 +0000 http://thurston.halfcat.org/blog/2006/05/11/enough-with-the-castles/#comment-6377 I agree with you that the castle analogy has been beaten to death and beyond (hence my attempt to revive it) and I agree that, just like all analogies, it only works this far and in only certain circumstances. From personal experience quite a while ago, I can say that a good analogue to boiling oil is - here comes another analogy - using your corporate lawyers. Cavalry counterattack? Your friendly law enforcement agents. Today's challenges ask for, nay, demand, creative solutions. I'm still in the dark about good analogue to the towers; IPS it ain't, unless you expect your tower archers to occasionally fire a volley across general populace in the courtyard. Raising general security awareness in the corporation would help with half the task the spies, peasants, and messangers did in informing the feudal lord that someone is coming with ill intentions. But the towers were there for that last minute notification of arrival of a raiding party, as well as the final retreat. But we've come a long way since the castles were used to defend livelyhood of the well off stinkers, who failed to learn from antiquity that running water, baths, sewerage, etc are good for you. Castles went out of favour with western civilization's discovery of gunpowder (if they asked their neighbours, they'd have had it quite a while ago) and entrance of canons. Firewalls went out of favour when ... Hm, they didn't quite yet, did they? Maybe they have a purpose to serve, but not in the way they're used now. I've heard application layer gateways are the next best thing. Cue in MJR and SEAL. ;-) So what did we forget that will come to bite us around the corner? If only I knew. <i>Lovely photo; I wish I took it.</i> I agree with you that the castle analogy has been beaten to death and beyond (hence my attempt to revive it) and I agree that, just like all analogies, it only works this far and in only certain circumstances. From personal experience quite a while ago, I can say that a good analogue to boiling oil is - here comes another analogy - using your corporate lawyers. Cavalry counterattack? Your friendly law enforcement agents. Today’s challenges ask for, nay, demand, creative solutions.

I’m still in the dark about good analogue to the towers; IPS it ain’t, unless you expect your tower archers to occasionally fire a volley across general populace in the courtyard. Raising general security awareness in the corporation would help with half the task the spies, peasants, and messangers did in informing the feudal lord that someone is coming with ill intentions. But the towers were there for that last minute notification of arrival of a raiding party, as well as the final retreat.

But we’ve come a long way since the castles were used to defend livelyhood of the well off stinkers, who failed to learn from antiquity that running water, baths, sewerage, etc are good for you.

Castles went out of favour with western civilization’s discovery of gunpowder (if they asked their neighbours, they’d have had it quite a while ago) and entrance of canons.

Firewalls went out of favour when … Hm, they didn’t quite yet, did they? Maybe they have a purpose to serve, but not in the way they’re used now. I’ve heard application layer gateways are the next best thing. Cue in MJR and SEAL. ;-)

So what did we forget that will come to bite us around the corner? If only I knew.

Lovely photo; I wish I took it.

]]>