nanog mailing list archives
Re: I don't need no stinking firewall!
From: William Herrin <herrin-nanog () dirtside com>
Date: Wed, 6 Jan 2010 02:45:17 -0500
On Tue, Jan 5, 2010 at 9:20 PM, Rich Kulawiec <rsk () gsp org> wrote:
A firewall is another layer in a defense-in-depth strategy, but tends to only be truly effective if the first rule in it is deny all from any to any
Not surprisingly, good network security starts with and incorporates the protected users as its most important element. Start with "deny all" and not only won't they work with you, the more creative among them will teach the others how to work around you. I've seen it over and over again and the faulty design always starts with a deny-all mentality. Can you imagine a deny-all mentality in physical security? I'm sorry sir, you can't leave your house until you justify your need to walk down the street. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: I don't need no stinking firewall!, (continued)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Tony Finch (Jan 05)
- Re: I don't need no stinking firewall! Mark Smith (Jan 05)
- Message not available
- Re: I don't need no stinking firewall! William Herrin (Jan 05)
- Re: I don't need no stinking firewall! Fred Baker (Jan 05)
- Re: I don't need no stinking firewall! Sean Donelan (Jan 05)
- Re: I don't need no stinking firewall! Kenny Sallee (Jan 05)
- Re: I don't need no stinking firewall! Mark Smith (Jan 05)
- Re: I don't need no stinking firewall! James Hess (Jan 05)
- Re: I don't need no stinking firewall! Rich Kulawiec (Jan 05)
- Re: I don't need no stinking firewall! William Herrin (Jan 05)
- Re: I don't need no stinking firewall! Jorge Amodio (Jan 05)
- Re: I don't need no stinking firewall! David Hiers (Jan 06)
- RE: I don't need no stinking firewall! Brandon M. Lapointe (Jan 06)
- RE: I don't need no stinking firewall! gb10hkzo-nanog (Jan 06)
- RE: I don't need no stinking firewall! Joel Snyder (Jan 08)