[149820] in North American Network Operators' Group
Re: Common operational misconceptions
daemon@ATHENA.MIT.EDU (Chris Campbell)
Thu Feb 16 05:27:32 2012
From: Chris Campbell <chris@ctcampbell.com>
In-Reply-To: <20120215225244.GA25272@gsp.org>
Date: Thu, 16 Feb 2012 10:26:26 +0000
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
This isn't so much a list of misconceptions that recent students have as =
a list of misconceptions that security management have=85
On 15 Feb 2012, at 22:52, Rich Kulawiec wrote:
> ICMP is evil.
> Firewalls can be configured default-permit.
> Firewalls can be configured unidirectionally.
> Firewalls will solve our security issues.
> Antivirus will solve our security issues.
> IDS/IPS will solve our security issues.
> Audits and checklists will solve our security issues.
> Our network will never emit abuse or attacks.
> Our users can be trained.
> We must do something; this is something; let's do this.
> We can add security later.
> We're not a target.
> We don't need to read our logs.
> What logs?
>=20
> (with apologies to Marcus Ranum, from whom I've shamelessly
> cribbed several of these)
>=20
> ---rsk
>=20
