Firewall Wizards mailing list archives
Re: Firewall administration
From: Anton J Aylward <anton () toronto com>
Date: Mon, 06 Oct 1997 23:55:31 -0400
At 12:44 PM 06/10/97 -0400, David Collier-Brown wrote:

## Reply Start ##

> Rik Farrow wrote:
>
> > And services like NFS, which has an authentication mechanism so weak as to be almost useless (similar to CIFS) do not belong in this list. Having a warning would be akin to having a sticker on the dashboard which reads: "Warning: due to the bad design of the doorlocking mechanism, passengers may fall out when turning corners."
>
> From the security officer's point of view, there are two enemies: the attacker and his own management. It is very important that one can say ``you ordered me to throw Sam out of the car'' when management complains about the effects of opening the hole they asked for last week. It's even more important to be able to send them a form to sign which says ``Turning on cornering will result in the inadvertent ejection of passengers. I authorize this as an officer of the company''.

BRAVO DC-B, BRAVO! This is what POLICY is all about. It is also what being a security officer is about, that is taking the form to management and making them sign it.

By implication it also means you have to restrict access to the firewall configurator, that is keep it out of the hands of anyone who isn't willing to either sign that form or demand that an officer sign it.

And yes, I have been at sites where ANY of the network, host or Novell administrators can change the firewall config, and did so without consultation or logging. Nightmare time!

/anton - who wonders what the firewall configurator's equivalent of the phrase "Code! What that's the _last_ thing I'll do" would be.

## Reply End ##