a new twist on "security through obscurity" (was: Re: Malware "best practices")
bmcculley at rcn.com
Wed Jul 26 20:06:01 EDT 2006
Chris Brenton <cbrenton at chrisbrenton.org> observed:
>
>I have a theory on this...
>
>About 8 years ago I was working at a consulting company as a
>perimeter security guy. Big part of my job was auditing
>firewall configs. I started noticing that folks running FW-1
>tended to have enough holes to drive a truck through while
>folks running Gauntlet and PIX were relatively secure. Didn't
>take long for the lightbulb to go on as to why. FW-1 has a
>simple point and click GUI that made it trivial to pass
>traffic. At the time the other two did not. They required a
>higher level of skill just to get them working that seemed to
>translate into a higher knowledge of securing the perimeter.
>In other words, if you did not know what you were doing you
>would not be able to get a functioning policy in place.
>
>In the Windows/Linux realm it seems to be much the same. A
>majority (not all) of the folks running Linux have a clue
>about what goes on under the hood, while the majority (not
>all) of Windows users do not. So it's not just deployment
>numbers, it's overall skill set as well.

I wonder if there might be another factor. I'm not conversant
enough with this marketplace to have insights, but the mention
of Windows users not all being totally ignorant reminded me
that the more competent and diligent corporate environments
seem to have more expertise in Windows as well as *nices.

Could it be that the corporate population choosing PIX and
Gauntlet preselected for competence? Or had the resources and
willingness to direct them towards a sound implementation
rather than a paper tiger? Were FW-1, Gauntlet and PIX really
comparable in capabilities and performance, or were they going
into different markets?

I like the idea that the more cryptic, obtuse, and demanding
system environments result in better security. Sort of the
effects of "sysop Darwinism" manifesting in the security
dimension. That which does not kill us makes us stronger...

-brucem