[svlug] BAD PASSWORD: it is based on a dictionary word

Don Marti dmarti at zgp.org
Tue Jan 16 11:20:02 PST 2001


On Tue, Jan 16, 2001 at 01:33:08AM -0800, J C Lawrence wrote:

> Their security model is heavy firewalling, strong invasive and
> behavioural border traffic analysis (Simon Cooper's work FWIW), and
> the creation of a wide-open "safespace" within that boundary.

That might work acceptably well for a bunch of un*x boxes with static
network configuration, but it should be obvious that firewalling breaks
horribly when the first person unplugs his or her company laptop from
the "safespace" and goes wandering.

At the Embassy Suites in Las Vegas (which I highly recommend if you're
ever in Las Vegas) I plugged into the "High Speed Internet Access In
Your Room Only $9.95" and ran ethereal. Ka-ching! Boxes that I'm sure
are acceptably safe behind their happy little firewall, or when dialed
in to the company by modem, hanging out in the breeze.  

Firewalls are a product, and there's an incentive for companies to
sell them. Host-based security measures are a service, done locally by
network admins (if the company is lucky) and nobody advertises them. So
dumbass IS managers put their budgets into firewalls.

One more thought on the subject of firewalls...nobody has ever explained
to me why, if you don't trust a machine or machines to be on the
Internet, you don't just put it in private address space with no NAT
or other route out, and use application-level proxies?

-- 
Don Marti              "I've never sent or received a GIF in my life." 
dmarti at zgp.org            -- Bruce Schneier, Secrets and Lies, p. 246.
http://zgp.org/~dmarti/        (Free the Web: http://burnallgifs.org/)
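The post's point about a laptop leaving the "safespace" comes down to a host-based question: which services on the box are listening on every interface, and so become reachable the moment it is plugged into a hotel network? The following script is an added example, not code from the post or its author. It parses the Linux /proc/net/tcp socket table and reports listening sockets that are not bound to loopback. The socket table embedded in it is constructed for illustration, and the address decoding assumes a little-endian host, which is how the kernel prints the hex addresses on x86.

```python
"""Host-based exposure check: list TCP services listening on non-loopback
addresses, i.e. the ones a firewall was hiding and a hotel LAN will not.

Parses the Linux /proc/net/tcp format. Assumptions (not from the original
post): the host is little-endian, so the kernel's hex address field is the
address in host byte order (127.0.0.1 appears as 0100007F)."""
import os
import socket
import struct

TCP_LISTEN = "0A"  # state column value for a listening socket

# Constructed sample of /proc/net/tcp (not captured from a real machine):
#   row 0: sshd on 0.0.0.0:22          (every interface)
#   row 1: cupsd on 127.0.0.1:631      (loopback only)
#   row 2: an ESTABLISHED connection   (not a listener, must be skipped)
#   row 3: portmapper on 10.0.2.15:111 (one specific interface)
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:9A3C 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
   3: 0F02000A:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 100 0 0 10 0
"""


def decode_addr(hex_addr):
    """Turn the kernel's 'AABBCCDD:PPPP' field into ('a.b.c.d', port).

    The 32-bit address is printed in host byte order, so on a little-endian
    machine packing it as '<I' gives the bytes in network order.
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(proc_net_tcp_text):
    """Return [(ip, port), ...] for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        listeners.append(decode_addr(fields[1]))
    return listeners


def exposed_services(proc_net_tcp_text):
    """Listeners reachable from the network: anything not bound to 127/8.

    0.0.0.0 means 'every interface', so it is exposed wherever the host
    is plugged in; a specific interface address is exposed on that link.
    """
    return [(ip, port) for ip, port in listening_sockets(proc_net_tcp_text)
            if not ip.startswith("127.")]


def report(proc_net_tcp_text):
    """Human-readable summary for an admin running this on a host."""
    lines = []
    for ip, port in exposed_services(proc_net_tcp_text):
        scope = "ALL interfaces" if ip == "0.0.0.0" else "interface " + ip
        lines.append("port %5d listening on %s" % (port, scope))
    return "\n".join(lines) if lines else "no network-reachable TCP listeners"


if __name__ == "__main__":
    # Use the real table when run on Linux, otherwise the constructed sample.
    if os.path.exists("/proc/net/tcp"):
        with open("/proc/net/tcp") as f:
            print(report(f.read()))
    else:
        print(report(SAMPLE_PROC_NET_TCP))
```

Run on the sample it reports ports 22 and 111; port 631 is bound to loopback and does not show up, which is exactly the distinction between a service that depends on the firewall and one that does not. The same check belongs in whatever configuration management the laptops get, so that a service bound to 0.0.0.0 is a decision rather than an accident.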
