[4313] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (Marcus J. Ranum)
Sun Feb 9 22:07:48 1997
From: "Marcus J. Ranum" <mjr@clark.net>
To: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>,
<dennis.glatting@plaintalk.bellevue.wa.us>,
Anton J Aylward <anton@the-wire.com>
Date: Sun, 9 Feb 1997 19:07:25 +0000
Reply-to: mjr@clark.net
CC: "Paul F. Haskell" <phaskell@skyserv1.med.osd.mil>,
<www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
> >Fire walls are not a panacea. The main idea of a firewall is
> >to allow control of the information going _out_ of a company.
Minor nit -- Firewalls are best at controlling access INTO a
company, not at controlling information flow OUT of a company.
Traditionally, they have been good access control systems
and terrible information control systems. I've been working
with firewalls for a while now, and every time I've run across
an installation that was an attempt to do information flow
control, I've found unhappiness. About all firewalls are good
at is gross-level hack-prevention.
mjr.
-----
Marcus J. Ranum, Chief Scientist, V-ONE Corporation
Work: http://www.v-one.com
Personal: http://www.clark.net/pub/mjr
