Archive of UserLand's first discussion group, started October 5, 1998.
Re: anti-Firewalls
Author: David Valentine Posted: 5/11/2000; 10:25:15 AM Topic: scriptingNews outline for 5/5/2000 Msg #: 17207 (In response to 17203)
Education, and choosing the right tools. Or the simple method: limit access to the internet to those who need it. The IT security complex has failed miserably. A big huge hole was demonstrated. This hole has been known about for 5 years.
Assume security measures from the start. But that seems to be unpopular.
Sun's approaches all had security considerations built into them. Articles in the old Byte on TCL, and Java sandboxes. Sun came from an on-the-internet approach. You need permission to open ports and install daemons. You could run daemons from your account, but then you were only jeopardizing your information, and that was backed up at least weekly.
Earlier on, Sun had used a trust model for permissions. It failed when it assumed that if you could not contact the server, give the requester permission. Close hole. Unless explicitly authorized, don't allow it.
MS came from a closed network approach. We own the office, we want to make it simple for the boss to buy into our vision. Trust is our security model. Use signed trusted code and you will be alright. MS's trust model failed, too. But unlike Sun's trust model, MS's solution cannot be easily fixed. Security was not a consideration in the design.
In 20/20 hindsight, if you knew the Love Bug and Melissa were going to come along, would you have fought for more non-MS solutions?
This page was archived on 6/13/2001; 4:55:10 PM.
© Copyright 1998-2001 UserLand Software, Inc.