Firewall Wizards mailing list archives
Re: tunnel vs open a hole
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sun, 06 Apr 2003 21:12:13 -0400
Barney Wolff wrote:
> In the good old days, the definition of "firewall" was "that which implements your security policy" rather than "the box with that label".

Hey!!! I remember that definition!! <LOL> .. I ought to.....

> The implication of this reasoning is clear: If you don't control the internal tunnel endpoint(s), you don't control your security policy.

Yup. The problem is that there's so much shovelware, spyware, trojanware, and social-engineerware that you DON'T really control the endpoints, you just think you do. I've seen waaaay too many companies think "we have a firewall, so we don't need to worry" - and not have antivirus software on their interior machines because they are "safe" behind the firewall. It's scary. :(

We made a big mistake when we started building firewalls that allowed outgoing connections that were not individually authenticated and associated with a human user's request.

mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjr () ranum com