On Sun, 2003-09-28 at 13:04, Michal Zalewski wrote: > I'd argue... many vendors [...] > provide integrated corporation-wide mechanisms for enforcing group > firewalling, access and logging/IDS policies on workstations or groups of > workstations (and, why not, also servers). > [...] > The technology is there. It takes some effort to use it and do it > correctly, of course. Michal, I think Paul's sentiment was that current efforts are focused on networks, IP addresses, firewalls, protocols, etc, basically focusing on the _transport_ of data. I think what we need are better mechanism to protect the _data_ itself, not just the transport/protocol of it. I'm not talking about Palladium crap, but more in the direction of more efficient ACL's, RBAC, and finer system level control. We *can* harden the chewy insides by applying better controls. (All too often I see networks with Share and File/Dir permissions being Everyone-Full_Access...). Paul, feel free to disagree if I put words in your mouth ;) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part