
Tuesday, 19 July 2011



Hi Bill,

Thanks for the post. Yes, if you map the window/door analog onto home or SMB networks, the initial intrusion does indeed breach the firewall. In the article, we talk about containment. The interior doors of a home are poor analogs for layered security. You correctly point out that additional security measures are needed to contain the intruder to the room he's breached. (We might also have talked about preventing the theft of items in the breached room - "exfiltration" of data from SMB networks - but I'll save this for another article.)

This issue of zero-day vulnerabilities certainly accentuates the need for multiple layers of protection. The average home PC or small business user who believes they are trying to safeguard themselves is increasingly vulnerable to these types of attack because they tend to rely so heavily on one 'gold-plated', super-duper internet security package rather than taking a layered approach. Your analogy of the open window and preventing access to the rest of the house is a succinct one, but the firewall is essentially breached. If the intruder then has to break through a series of fire doors, you at least have a chance to contain the bugger!
