[Discussion] Features - egress

Matt Jonkman jonkman at jonkmans.com
Fri Oct 17 19:36:16 UTC 2008


John Ives wrote:
>> Allow me to throw in a strong push for including egress scanning and analysis.  We 
>> tend to get fixated on the traditional bastion position, with the bad guys all on the 
>> outside and everything inside is pure.  In the current malware-rich environment 
>> that is untenable.  We also can gain a lot more granular information (in addition 
>> to the defence-in-depth backstop) from egress scanning, since we have a much 
>> batter idea of what *should* be leaving our nets.
> 
> Speak for yourself :)
> 
> My long standing and still somewhat accurate joke is that we try to
> protect our students from the Internet less than we try to protect the
> Internet from our students.

Both valid security stances, which I think makes the point that we have
to build tools to look both ways. Both to protect from outside direct
attack, and warn us when we're the problem. It'd be an interesting alert
to have your perimeter defenses pop up an alert telling you that the
reputation of an IP in your range is suddenly getting a bad reputation
in a certain category.

But knowing the reputation of berkeley students, I think you SHOULD be
protecting the internet from your students. :)

Matt

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc





More information about the Discussion mailing list