Firewall Wizards mailing list archives

RE: Code Red: What security specialist don't mention in warnings


From: "Gautier . Rich" <RGautier () drc com>
Date: Thu, 2 Aug 2001 13:49:29 -0400

I'd like to say 'Ditto' to Frank's advice, but also probably caveat that
with saying that many places still don't have proper firewalls or packet
filters.  Server farms are probably a good example of this.  People put up
websites at a hosting company for $15/month or what have you, and they don't
get a firewall/security service with that.  They get space on a 'hopefully'
up-to-date patched system.  $15/month doesn't buy them any security.

A lot of network attacks could be prevented by proper firewall techniques at
the ISP level.  Think about spoofed DoS attacks and other source-routed
goodies.  Why should an ISP route anything other than the dialed-in IP
addresses out from a dial-in modem bank?  Why should dial-in customers be
using source routing?  Can't this stuff be contained at the access points to
the Internet with simple packet filters?  

Yes, but they won't...too expensive or too hard for current staff.

Firewalling may solve plenty of problems, but the management problems of
separating the haves and have-nots are a much bigger problem than the one or
two people who incorrectly configured the firewall.  I'd rather
congratulate someone for even having a firewall than be angry with them for
misconfiguring it.

Richard A. Gautier
http://rgautier.tripod.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
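
The access-point packet filter the message asks about, sketched as an added example that is not part of the original post: a packet from the modem bank is forwarded only if its source address belongs to the dial-in pool and its IPv4 header carries no source-route option. The pool prefix, the sample addresses and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed (constructed) address block handed out to the dial-in modem pool.
DIALIN_POOL = ipaddress.ip_network("192.0.2.0/24")
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}  # IPv4 source-route option types (RFC 791)

def source_route_option(options: bytes):
    """Return the source-route option found in the IPv4 options, else None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation is a single byte
            i += 1
            continue
        if kind in SOURCE_ROUTE_OPTS:
            return SOURCE_ROUTE_OPTS[kind]
        if i + 1 >= len(options) or options[i + 1] < 2:
            return "malformed"   # bad length byte: refuse rather than guess
        i += options[i + 1]
    return None

def egress_verdict(packet: bytes, pool=DIALIN_POOL) -> str:
    """Decide whether a packet arriving from the modem bank is routed out."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: truncated header"
    src = ipaddress.ip_address(packet[12:16])
    if src not in pool:
        return f"drop: spoofed source {src}"
    opt = source_route_option(packet[20:ihl])
    if opt:
        return f"drop: {opt} option"
    return "forward"

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Build a constructed sample IPv4 header (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0)
    return fixed + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + options

if __name__ == "__main__":
    for src in ("192.0.2.10", "10.1.1.1"):
        print(src, "->", egress_verdict(build_header(src, "198.51.100.5")))
```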

