Comments on TaoSecurity Blog: Don't Fight the Future
Richard Bejtlich

Mat, 2008-11-22 09:19 -05:00

1-3 just won't happen. Security policies won't allow it. There's absolutely no reason that the internet should be able to know the addressing scheme on my internal, private, secured network. In a security environment where leaking an internal path in the webserver is considered a bad thing, allowing the whole world to know your internal structure is unimaginable. And as Yoshi said, VPNs aren't going anywhere.

#5 is ridiculous. It's architecturally a step backwards. Managing individual devices in a world where every lightbulb has its own IP is...counterintuitive at best.

6-7 are in the process of happening now. I'm seeing more status agents for reporting back to the centralized monitoring server, and bandwidth is never decreasing.

yoshi, 2008-11-22 08:59 -05:00

1. "VPNs" aren't going anywhere. They are evolving. IPSec is going away (and none too soon in my book) and being replaced with SSL VPNs or similar approaches.

2. E-mail is not the only application out there. You are missing expenses, supply chain, time management, accounting, e-learning, news, and the few thousand other applications that people use to do their jobs. Even though my organization outsources HR and time management - I still have to log into the VPN to gain access to other applications.

3. False. Companies are segmenting their networks into risk categories, not the reverse. (heck I am doing a job for a major organization right now around this)

4. True, sort of. Companies are determining what applications have different risk profiles. A well-designed app with low risk will be able to do more within the organization than a higher-risk application. And incentives are being offered to business groups to design 'secure' apps and follow policy.

5. Agree

6. Been advocating this for as long as I've been in this business but organizations are notoriously bad at implementing it.

7. Most organizations are already doing this.

Anonymous, 2008-11-22 00:50 -05:00

End-to-end connectivity might be just a means to build secure overlay networks. That's the idea behind Mobile IPv6 for instance, and merely another way of thinking about your "perimeter". Because deperimeterization is nothing more than switching from a physical perimeter to a logical one.

Just 0,02EUR, and not an endorsement of the Jericho Forum either ;)