| |
Cisco security initiative / 4 major firms working to head off Net attacks
by k at 11:00 am EST, Nov 20, 2003 |
anyone else think this kind of thing should be the responsibility of the vendor? isn't this kinda like solving the problem of pollution by issuing filter masks, instead of fixing the factory? |
| |
RE: Cisco security initiative / 4 major firms working to head off Net attacks
by Decius at 11:20 am EST, Nov 20, 2003 |
inignoct wrote:
] anyone else think this kind of thing should be the
] responsibility of the vendor?
]
] isn't this kinda like solving the problem of pollution by
] issuing filter masks, instead of fixing the factory? Well, the reality is that there is an established computer security industry that offers security products. These programs are often seen as preferable to vendor solutions because security updates to vendor software usually include other bug fixes that can break production systems. Even if all of the software vendors completely separated computer security patching from their other patching, and did all of their patching online automatically, it would still be possible to misconfigure your system in such a way that it would be insecure. I could see the tool they are talking about here being useful even in a vendor perfect environment. If you haven't applied the latest patches, then you can't connect to the network. School dorms, and other large, open networks would benefit greatly from such a technology. |
|
| | |
RE: Cisco security initiative / 4 major firms working to head off Net attacks
by k at 11:27 am EST, Nov 20, 2003 |
Decius wrote:
] inignoct wrote:
] ] anyone else think this kind of thing should be the
] ] responsibility of the vendor?
] ]
] ] isn't this kinda like solving the problem of pollution by
] ] issuing filter masks, instead of fixing the factory?
]
] Well, the reality is that there is an established computer
] security industry that offers security products. These
] programs are often seen as preferable to vendor solutions
] because security updates to vendor software usually includes
] other bug fixes when can break production systems. Even if all
] of the software vendors completely separated computer security
] patching from their other patching, and did all of their
] patching online automatically, it would still be possible to
] misconfigure your system in such a way that it would be
] insecure.
]
] In this case, I could see the tool they are talking about here
] useful even in a vendor perfect environment. If you haven't
] applied the latest patches, then you can't connect to the
] network. School dorms, and other large, open networks would
] benefit greatly from such a technology. perhaps. i'm not sure i like the idea of being forced to install software that checks my machine for updates and fails to let me connect without them. there's a lot of technical issues here that could be "solved" in a really wrong and detrimental way. |
|
| | | |
RE: Cisco security initiative / 4 major firms working to head off Net attacks
by Decius at 12:18 pm EST, Nov 20, 2003 |
inignoct wrote:
] perhaps. i'm not sure i like the idea of being forced to
] install software that checks my machine for updates and fails
] to let me connect without them. there's a lot of technical
] issues here that could be "solved" in a really wrong and
] detrimental way. Well, it depends on your environment. Consumer ISPs aren't going to run this, but campus and corporate networks might. |
|
|
|
