[4335] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (Phillip M Hallam-Baker)
Tue Feb 11 03:03:43 1997
From: "Phillip M Hallam-Baker" <hallam@ai.mit.edu>
To: <mjr@clark.net>, <dennis.glatting@plaintalk.bellevue.wa.us>,
"Anton J Aylward" <anton@the-wire.com>
Cc: "Paul F. Haskell" <phaskell@skyserv1.med.osd.mil>,
<www-security@ns2.rutgers.edu>
Date: Sun, 9 Feb 1997 22:44:11 -0500
Errors-To: owner-www-security@ns2.rutgers.edu

> > >Fire walls are not a panacea. The main idea of a firewall is
> > >to allow control of the information going _out_ of a company.
>
> Minor nit -- Firewalls are best at controlling access INTO a
> company, not at controlling information flow OUT of a company.

Not so. I used to share an office with Jim Gettys, who co-created X11
and developed the original DEC firewall. He was very clear on having
started from a security assumption that the internal net was
compromised. The task was to limit the bandwidth from the inside to
the outside.

> Traditionally, they have been good access control systems
> and terrible information control systems. I've been working
> with firewalls for a while now, and every time I've run across
> an installation that was an attempt to do information flow
> control, I've found unhappiness. About all firewalls are good
> at is gross-level hack-prevention.

Perhaps so; the problem is that people tend to confuse the best tool
they can find for security.

Phill