Firewall Wizards mailing list archives

Re: Facts, not Fiction


From: Chris Brenton <cbrenton () sover net>
Date: Thu, 13 Nov 1997 11:12:01 -0500

Andreas Siegert wrote:

-----Forwarded message from Hartmut.Fehling () Hamburg-Mannheimer de-----
How far DO YOU (all of you out there) trust the current products to do what
they are supposed to do?

Unless the customer is on an extremely low budget, I always use a multistage
design. Anything else would be irresponsible in my opinion.

afx

I guess I have a bit of a problem with blanket statements like this one. It
insinuates that there is a "one size fits all" solution to protecting a network
which is clearly not the case. A risk analysis should be performed in order to
determine what level of security is actually required. Let me throw out a few
examples:

Case 1: A pure Mac shop with an ISDN connection to the Internet. There are no
internal IP services. Users connect through the ISDN connection in order to access
POP mail from an ISP and browse the web.

Case 2: A national bank running the latest UNISYS system with integrated NT
server. System access is via IP. The bank has a T1 connection to the Internet and
wishes to allow customers to administrate their bank accounts via the Internet.

While these two cases are a bit extreme, it's clear that they do not require the
same level of security. A multistage design for case 1 would probably be overkill.
Again, this is all IMO. Insisting that a multistage design is always required so
long as the customer can afford it rings too much like a sales person who knows
what they want to sell you before they even know what you need.

Cheers,

Chris

******************
cbrenton () sover net
http://www.amazon.com/exec/obidos/ISBN=0782120822/9715-9242453-752818

Nothing is fool-proof to a sufficiently talented fool.



