Great Circle Associates Firewalls
(September 1995)


Subject: Re: Firewall off Mortal Kombat XIV
From: Christopher Nielsen <nielsenc @ upgrade . com>
Date: Wed, 13 Sep 1995 21:11:06 -0400
To: mjr @ iwi . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: Your message of "Wed, 13 Sep 1995 20:34:55 EDT." <199509140034 . UAA16397 @ switchblade . iwi . com>

On Wed, 13 Sep 1995 20:34:55 -0400 (EDT) "Marcus J. Ranum" wrote:
>> 	3) The number of new network-aware and IP-aware apps is
>> 	now on an exponential growth curve. Consider, for a moment,
>> 	how the typical network app is developed today:
>> 	Version 1: no security
>> 	Version 2: security? next version
>> 	Version 3: something lame
>> 	With the increase in network-permeation, the actual number
>> 	of things that "get it right" will be close to zero.

I see this with the developers at my place of employment. They write
network apps that have to run as root because they've hardwired it
that way. The apps have all kinds of neat bells and whistles, but
contain some very basic but serious security bugs. I've tried to put
together a list of secure programming guidelines because I don't have
time to verify all the code that these guys produce, but that seems
to me to be only a kludge. I have numerous stories of confrontations
with security-clueless developers and managers, but I'm sure we all
have those. =)

>> 	What does this all mean? It may mean that there's good
>> job security in being a computer professional. It may mean that
>> someone is going to look at the situation and announce that we
>> have no clothes. I *HOPE* it means that someone will begin to
>> think of new computer security paradigms. Who knows what they
>> will be? I don't think we're going to win the war the way it's
>> going.

As it stands, it seems to me that we are barely keeping ahead of the
security game. I definitely agree that we won't win the war if we
keep this up. People need to wake up to the facts, but it seems to
take a disaster or crisis before they do so. It can be very frustrating
when people won't listen to you because they think they're right; I
had that problem with one of the CIOs yesterday.

My present solution is to just do my job and not give up the fight.
Even if that means beating my head against the management wall until
my forehead bleeds.


Christopher Nielsen                               UCA&L
System and Network Administrator                  Buffalo, New York
(nielsenc @ upgrade . com)                        #include <disclaimer.h>
