Doesn't the security folks have a totally skewed view of what the real problem is??
Hiding all (evil) inside users behind a massive firewall is what brings all these techniques into action. If the network administrators instead focused on proper partitioning of the networks, then several things are achieved in one go;
1. There are not much vulnerable resources on the network where the back-door is initiated. Less Harm, less reason to try an attack.
2. Ordinary users, often programmers, have more useful network in their hands, creating less reason to actively trying to circumvent the firewalls. Less creation of "good" back-doors, less available potential exploit opportunities.
3. Applications and OSes should be much more network robust. If each resource is secure from within, then there is not much point to have managed to "gain access" to the internal network. But then, we would need to throw out Windows as a start...
End of the day, we ordinary users, who have to work with the straight-jackets deployed at larger corporations, are the ones that are being sucked dry, leading to frustration and enormous unnecessary extra cost, that the network administrators creates.
Hiding all (evil) inside users behind a massive firewall is what brings all these techniques into action. If the network administrators instead focused on proper partitioning of the networks, then several things are achieved in one go;
1. There are not much vulnerable resources on the network where the back-door is initiated. Less Harm, less reason to try an attack.
2. Ordinary users, often programmers, have more useful network in their hands, creating less reason to actively trying to circumvent the firewalls. Less creation of "good" back-doors, less available potential exploit opportunities.
3. Applications and OSes should be much more network robust. If each resource is secure from within, then there is not much point to have managed to "gain access" to the internal network. But then, we would need to throw out Windows as a start...
End of the day, we ordinary users, who have to work with the straight-jackets deployed at larger corporations, are the ones that are being sucked dry, leading to frustration and enormous unnecessary extra cost, that the network administrators creates.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1701/1155#1155