Comments on TaoSecurity Blog: Gartner vs Jericho Forum
Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Feed updated: 2023-10-16T06:06:25-04:00

Anonymous, 2006-03-03 12:00 -05:00

You should not get rid of the perimeter. I understand the need to not rely on it completely, but you need a safety zone. What the Jericho group is proposing is that we remove our doors and windows of our homes and lock our jewelry boxes, safes, file cabinets, etc. I prefer that we do harden the OS AND add additional layers of defense.

Maybe they should go IPv6, get rid of NAT and put up a firewall. That will let the BP users think they are "out there" on the net, but not really.

PS. I really do think NAT is bad and can't wait to get rid of it (when IPv6 is deployed).

I know, kind of random today.

Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2006-03-03 08:33 -05:00

That's hilarious, especially since the story you linked contains this quote:

<I>"Deperimeterization is a set of solutions ...It is defense in depth, it has to be open, interoperable, and OS agnostic," Simmonds said.</I>

BP has apparently discarded defense-in-depth.

Anonymous, 2006-03-03 08:17 -05:00

BP appears to be missing at least part of the group's point. This quote is from one of the Jericho Group's board members during the Black Hat Briefings in Vegas (2004):

"While deperimeterization <B><I>doesn't mean discarding the firewall</I></B>, it does mean accepting that most exploits will transit the perimeter and implementing some web services. 'Deperimeterization is a set of solutions ...It is defense in depth, it has to be open, interoperable, and OS agnostic,' Simmonds said." [Paul Simmonds, CISO, ICI]

http://www.scmagazine.com/uk/news/article/448576/jericho-forum-brings-its-deperimeterization-concept-us/
http://www.opengroup.org/projects/jericho/uploads/40/8740/faq_bo.pdf (Question 4 - "How is the Jericho Forum managed?")

Anton Chuvakin (https://www.blogger.com/profile/12740087457147758558), 2006-03-02 17:36 -05:00

Somebody please report them to http://www.stupidsecurity.com/

Anonymous, 2006-03-02 17:06 -05:00

I have long thought that those jokers from Jericho are not serious, but it looks like they are :-) OMG, such stupidity!