Re: [fw-wiz] Mis-attribution - Re: How automate firewall tests

[Crispin Cowan <crispin@novell.com>]

Chris Blask wrote:
>> Gotta love how Paul and Marcus have taken care of us over
>>     
> the years on the  list.  
>
> As Paul said in a side note, he's not a fan of socialism
> (neither am I).  I thanked him for letting me make my own
> mistakes, f***ing pisses me off when committees force
> security on me.
>   
So you're not a fan of mandatory access controls then? :)

I'm not in favor of paternalistic governments either, but there are
cases for mandatory controls:

    * The subjects can't be trusted to defend themselves
          o children need to be protected from themselves for at least
            10 years
    * The subjects are too valuable to be lost
          o VIPs are actually subject to orders from their bodyguard
            staff under emergency conditions
    * The subjects self-carelessness actually pollutes the space of
      those around them
          o drivers who won't wear seatbelts increase health insurance
            costs for the rest of us
          o vulnerable software can be used to corrupt the rest of the
            system; need application security policies (AppArmor)
          o careless users may disclose organizational secrets; need
            mandatory disclosure policy (MLS)
          o careless users may bring infection into the organization;
            need network access control (Cisco CSA)

My personal favorite paternalistic government issue: drugs. I want all
drugs legalized; the expense to society to try to control weed, heroin,
meth, etc. greatly exceed the damage caused by these substances. OTOH, I
want *strong* controls on antibiotics: idiots abusing antibiotics breed
antibiotic-resistant germs, which threaten all of us.

Caveat: my views on drug controls, and pretty much anything else, do not
reflect Novell's views.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hack: adroit engineering solution to an unanticipated problem
     Hacker: one who is adroit at pounding round pegs into square holes


_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards