[4382] in WWW Security List Archive
Re: Access Logfile Question
daemon@ATHENA.MIT.EDU (Jeremy Madea)
Wed Feb 12 11:52:51 1997
Date: Wed, 12 Feb 1997 08:35:11 -0500 (EST)
From: Jeremy Madea <jdmadea@cs.millersv.edu>
To: Phillip M Hallam-Baker <hallam@ai.mit.edu>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <199702110521.AAA07457@life.ai.mit.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

On Sun, 9 Feb 1997, Phillip M Hallam-Baker wrote:
>
> > > >Firewalls are not a panacea. The main idea of a firewall is
> > > >to allow control of the information going _out_ of a company.
> >
> > Minor nit -- Firewalls are best at controlling access INTO a
> > company, not at controlling information flow OUT of a company.
>
> Not so
[...]
> The task was to limit the bandwidth from the inside to
> the outside.

It seems obvious what the misunderstanding is here...
Firewalls are primarily to control information flow out of a company AND
control access into a company. These two concepts are fundamentally one
and the same. How could you control access in without controlling the
information that goes out? A minor clarification of this: firewalls are
not meant to control the information that a user behind the wall wants to
send out... they are meant to control access to information from the
outside by people w/o help from the inside. I might have trouble getting
through your firewall and stealing your employee records... but if my
cohort works inside your firewall, he'll have no problem sending them to
me. This serves as an excellent reminder that the most important issue in
computer security is the human factor.