| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: fw at deneb.enyo.de (Florian Weimer) Subject: CyberInsecurity: The cost of Monopoly On Sun, Sep 28, 2003 at 12:20:28PM -0500, Paul Schmehl wrote: > I don't think "we" as a "security community" have even begun to tackle this > problem. We talk about it, but who is *really* doing it? For example, if > you want to network machines you *have* to use SMB/NetBIOS for Windows, NFS > for Unix, CIFS, or something similar. Who is really looking at how to be > secure while still allowing internal machines to talk to each other? > Certainly none of the above protocols qualify as secure. For NFS, some pretty robust server and client implementations exist. Much better than SMB/CIFS. However, authentication sucks, of course. (NFSv4 will hopefully change that.) > When a machine is problematic, for whatever reason, the usual reaction is > "block it at the firewall". But that doesn't protect that machine from > *other* internal machines. At work, we have almost all of our machines in separate VLANs, and filter the traffic between them. (There are just tens of machines under our direct administrative control, so it's doable. The rest of the network is a huge mess, as usual. The sad thing is that most likely, we'll never need this separation because we are careful enough anyway, but better safe than sorry.) > It only protects it from the outside. And the outside from you, and your organization from embarrassment. 8-)
Powered by blists - more mailing lists