Educause Security Discussion mailing list archives
Re: Stateful Perimeter Firewall
From: Cal Frye <cjf () CALFRYE COM>
Date: Tue, 13 Oct 2009 14:36:45 -0400
Bruce Curtis wrote:
In our environment a large percentage of the computers on our network, perhaps even a majority, leave campus every night and go somewhere beyond the "protection" of a perimeter firewall, and then they come back the next day.
We use multiple firewalls, defining the "perimeter" at several locations in the network, depending on what we're protecting from whom. Not to denigrate host-based solutions, but to augment them. It's easier to identify an intrusion when one compromised machine is in protected space than sorting it out from a sea of log entries -- you can enhance the signal, or lower the noise. -- Celebrating the 150th anniversary of the publication of the Origin of Species. -- Cal Frye, Network Administrator, Oberlin College Mudd Library, x.56930 -- CIT will NEVER ask you for your password! www.calfrye.com, www.pitalabs.com "When I can no longer bear my loneliness I take it to my friends." --Mechtild of Magdeburg.
Current thread:
- Re: Stateful Perimeter Firewall, (continued)
- Re: Stateful Perimeter Firewall Matthew Gracie (Oct 13)
- Re: Stateful Perimeter Firewall Gary Dobbins (Oct 13)
- Re: Stateful Perimeter Firewall Greene, Chip (Oct 13)
- Re: Stateful Perimeter Firewall Parker, Ron (Oct 13)
- Re: Stateful Perimeter Firewall Di Fabio, Andrea (Oct 13)
- Re: Stateful Perimeter Firewall Jones, Dan (Oct 13)
- Re: Stateful Perimeter Firewall Joe St Sauver (Oct 13)
- Re: Stateful Perimeter Firewall Matthew Wollenweber (Oct 13)
- Re: Stateful Perimeter Firewall Cal Frye (Oct 13)
- Re: Stateful Perimeter Firewall Bruce Curtis (Oct 13)
- Re: Stateful Perimeter Firewall Cal Frye (Oct 13)
- Re: Stateful Perimeter Firewall Flynn, Gerald (Oct 14)