nanog mailing list archives
Re: Firewall opinions wanted please
From: Erik Haagsman <erik () we-dare net>
Date: Wed, 17 Mar 2004 22:08:39 +0100
On Wed, 2004-03-17 at 21:44, Bruce Pinsky wrote:
Everything I've ever read about security (network or otherwise) suggests that a layered approach increases effectiveness. I certainly don't trust a firewall appliance as my only security device, so I also do prudent things like disable ports and applications that are not in use on my network and enforce authentication and authorization for access to legitimate services.
Good point...and that's exactly why in some cases, especially in SOHO and SMB oriented products, both hardware as well as software vendors can be part of the security problem by advertising their products as the definite solution to all security holes. Truely securing even a single server or host connected to the Internet entails a lot more than just blocking a few ports, let alone securing a network. By marketing "the perfect solution" to no-too-clueful admins the actual security holes only get bigger and harder to track. -- --- Erik Haagsman Network Architect We Dare BV tel: +31.10.7507008 fax: +31.10.7507005 http://www.we-dare.nl
Current thread:
- Re: Firewall opinions wanted please, (continued)
- Re: Firewall opinions wanted please bill (Mar 17)
- Re: Firewall opinions wanted please Alexei Roudnev (Mar 17)
- Re: Firewall opinions wanted please Rachael Treu (Mar 17)
- Re: Firewall opinions wanted please Peter Galbavy (Mar 18)
- Message not available
- Re: Firewall opinions wanted please Rachael Treu (Mar 17)
- Re: Firewall opinions wanted please Eric Gauthier (Mar 17)
- Re: Firewall opinions wanted please Rachael Treu (Mar 17)
- Re: Firewall opinions wanted please Petri Helenius (Mar 17)
- Re: Firewall opinions wanted please Erik Haagsman (Mar 17)
- Re: Firewall opinions wanted please Bruce Pinsky (Mar 17)
- Re: Firewall opinions wanted please Erik Haagsman (Mar 17)
- Re: Firewall opinions wanted please Alexei Roudnev (Mar 17)
- Re: Firewall opinions wanted please Steven M. Bellovin (Mar 17)
- Re: Firewall opinions wanted please bill (Mar 17)
- Re: Firewall opinions wanted please Rachael Treu (Mar 17)
- Re: Firewall opinions wanted please Steven M. Bellovin (Mar 17)
- Re: Firewall opinions wanted please Alexei Roudnev (Mar 17)
- Re: Firewall opinions wanted please Chris Brenton (Mar 18)
- Re: Firewall opinions wanted please Alexei Roudnev (Mar 18)
- Re: Firewall opinions wanted please Chris Brenton (Mar 18)