Firewall Wizards mailing list archives

Re: A fun smackdown...


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 19 May 2005 17:45:40 -0400 (EDT)

On Thu, 19 May 2005, Chuck Swiger wrote:

> Paul, why *don't* people run their firewalls with a single "deny all"
> rule?


Actually, thinking about it, because it's cheaper to just not connect
systems that don't need the risk, and you lose the risk of implementation
errors in the firewall, configuration errors, and it then takes physical
presence to bridge the gap, reducing the rate of attack (which is probably
extremely low anyway).

Now I've got one for you: why do some people run firewalls with a single
"allow all" rule, and what can you do to make that less risky than the
"deny all" example?

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards