Common operational misconceptions

Chris Campbell chris at ctcampbell.com
Thu Feb 16 04:26:26 CST 2012


This isn't so much a list of misconceptions that recent students have as a list of misconceptions that security management have…

On 15 Feb 2012, at 22:52, Rich Kulawiec wrote:

> ICMP is evil.
> Firewalls can be configured default-permit.
> Firewalls can be configured unidirectionally.
> Firewalls will solve our security issues.
> Antivirus will solve our security issues.
> IDS/IPS will solve our security issues.
> Audits and checklists will solve our security issues.
> Our network will never emit abuse or attacks.
> Our users can be trained.
> We must do something; this is something; let's do this.
> We can add security later.
> We're not a target.
> We don't need to read our logs.
> What logs?
> 
> (with apologies to Marcus Ranum, from whom I've shamelessly
> cribbed several of these)
> 
> ---rsk
> 




More information about the NANOG mailing list