This isn't so much a list of misconceptions that recent students have as a list of misconceptions that security management haveā¦
On 15 Feb 2012, at 22:52, Rich Kulawiec wrote: > ICMP is evil. > Firewalls can be configured default-permit. > Firewalls can be configured unidirectionally. > Firewalls will solve our security issues. > Antivirus will solve our security issues. > IDS/IPS will solve our security issues. > Audits and checklists will solve our security issues. > Our network will never emit abuse or attacks. > Our users can be trained. > We must do something; this is something; let's do this. > We can add security later. > We're not a target. > We don't need to read our logs. > What logs? > > (with apologies to Marcus Ranum, from whom I've shamelessly > cribbed several of these) > > ---rsk >