Educause Security Discussion mailing list archives

Re: Stateful Perimeter Firewall


From: Cal Frye <cjf () CALFRYE COM>
Date: Tue, 13 Oct 2009 14:36:45 -0400

Bruce Curtis wrote:
> In our environment a large percentage
> of the computers on our network, perhaps even a majority, leave campus
> every night and go somewhere beyond the "protection" of a perimeter
> firewall, and then they come back the next day.

We use multiple firewalls, defining the "perimeter" at several locations
in the network, depending on what we're protecting from whom. Not to
denigrate host-based solutions, but to augment them.

It's easier to identify an intrusion when one compromised machine is in
protected space than sorting it out from a sea of log entries -- you can
enhance the signal, or lower the noise.

--
Celebrating the 150th anniversary of the publication of the Origin of
Species.
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.pitalabs.com

"When I can no longer bear my loneliness I take it to my friends."
--Mechtild of Magdeburg.
