[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Have they stopped teaching Defense in Depth?

Subject: Have they stopped teaching Defense in Depth?
From: leigh.porter at ukbroadband.com (Leigh Porter)
Date: Wed, 16 Nov 2011 13:46:16 +0000
In-reply-to: <[email protected]>
References: <CAAAwwbUqkxszsC8QHkXdDFX7WQRFqLcyBv9qURARPnUaa3d7gQ@mail.gmail.com> <[email protected]>


> -----Original Message-----
> From: Jay Ashworth [mailto:jra at baylink.com]
> Sent: 16 November 2011 13:38
> To: NANOG
> Subject: Re: Have they stopped teaching Defense in Depth?
> 
> ----- Original Message -----
> > From: "Jimmy Hess" <mysidia at gmail.com>
> 
> > Or, the attack is against a legitimate user's outbound connection,
> for example:
> > a user behind the firewall connects to a web site, a vulnerability
> > in their browser is exploited
> > to install a trojan -- the trojan tunnels to the attacker over an
> > outgoing port that is allowed on the firewall.
> 
> Oh, certainly; I have lots of web browsers running on my servers.
> 
> All The World Is Not A Workstation, guys.

I think the point is that you access your servers from your work station and so if the workstation you use to access the network is compromised then your whole network is potentially compromised.

--
Leigh



______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

References:
- Have they stopped teaching Defense in Depth?
  - From: mysidia at gmail.com (Jimmy Hess)
- Have they stopped teaching Defense in Depth?
  - From: jra at baylink.com (Jay Ashworth)

Prev by Date: Have they stopped teaching Defense in Depth?
Next by Date: Have they stopped teaching Defense in Depth?
Previous by thread: Have they stopped teaching Defense in Depth?
Next by thread: Have they stopped teaching Defense in Depth?
Index(es):
- Date
- Thread