full-disclosure-uk November 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Securing our computers

Re: [Full-disclosure] Securing our computers?

From: Memisyazici, Aras <arasm_at_nospam>
Date: Mon Nov 03 2008 - 14:05:45 GMT
To: <full-disclosure@lists.grok.org.uk>


<mcwidget said>:

>> the security on these boxes could be tightened/restricted to our heart's content as this would not impact the user's everyday use.

:) As someone who shares geographical commonality and is honored to be a 'padowan' of Valdis, when I brought up something very similar to this argument a while back, I was smacked down so bad by him and his peers, it still hurts to remember that day! :p

In any event, before ya'll make even more 'human' comments like the one above, please consider that:

  1. you are dealing with an extremely considerate and intelligent man who has and continues to put up with this very question among many other things on a daily basis, while pretending to be a regular IT guy :)
  2. The suggestion you made mcwidget is pretty much (I'm very sad to agree) 'just not worth it'...

To expand, design a model keeping the following factors in mind:

  • cost of implementing such technique onto existing hardware (i.e. Openwrt like systems) vs. distributing new hardware
  • cost of the load that will be placed on the vendor's support team for this project (don't forget that vendors will be hiring Punjab-I-read-Scripts farms so calculate for the 'hold please!' and the customer getting so aggravated due to false-neg's/pos's or just plain non-functionality that they cont. To waste support resources over and over and ...)
  • cost of maintaining a team of clued -IT prof.'s who will create/update a central db of sig's on extreme hardware by cooperating with other vendors who will deliberately shoot down attempts b/c such a product will drive down their sales (not everyone cares for the greater good, in today's greedy society)
  • speed of adaptation of said technology, given all the lovely comments it will be receiving from early-Joe/Jill Sixpackers blogs/sites who had no idea how to use it other than they were told it's a 'Good Thing', and given a Flash video demonstrating how they can implement the device with it's color-coded cabling and free-of-charge 1st support call if all else failed!
  • The cost on the vendor with all the returns it receives back

***###***###***###***###***###***### (there were more factors but after the 6th or 7th hit to the back of the head, you tend to lose way too many memory cells to remember all :p)

Now... Don't get me wrong, I totally agree with you, at first it sounds like a great idea to implement NAC/P like technology for the reg. Joe/Jill out there... But as you can all deduce it's just not pheaseable in the 'Real World'.

As for your original comment and why I singled it out...

So... Your scenario assumed successful implementation of the tech. by the user... And totally disregarded false-negatives and false-positives... So here's Joe Sixpack staring at this warning sign saying, 'according to our immature calculations 'something isn't right', so we're gonna let you figure that out by allowing you to only go to our approved 3rd party/marketing associate sites (which others can also join the network for a pheaseable fee) or by calling us at 800-OUTSRC-IT and wasting 2-3 hours on the phone to figure out that our central db doesn't include signatures for your AV/firewall/anti-malware combo yet...

Sincerely,
Aras 'Russ' Memisyazici
Systems Administrator

Office of the Vice President for Research Virginia Tech


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

   © Copyright 2012 Guardian Digital, Inc. All Rights Reserved.