[171146] in North American Network Operators' Group


Re: Requirements for IPv6 Firewalls

daemon@ATHENA.MIT.EDU (Jeff Kell)
Fri Apr 18 23:30:18 2014

Date: Fri, 18 Apr 2014 23:29:40 -0400
From: Jeff Kell <jeff-kell@utc.edu>
To: "Dobbins, Roland" <rdobbins@arbor.net>, "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <0CFB0993-B486-451D-BF22-C7309E3406AC@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 4/18/2014 10:10 PM, Dobbins, Roland wrote:
> On Apr 19, 2014, at 9:04 AM, Jeff Kell <jeff-kell@utc.edu> wrote:
>
>> It's how we provide access control.
> Firewalls <> 'access control'.
>
> Firewalls are one (generally, very poor and grossly misused) way of providing access control.  They're often wedged in where stateless ACLs in hardware-based routers and/or layer-3 switches would do a much better job, such as in front of servers:

I call BS...  what do you expect closes the gap, host firewalls?  Most
3rd party crap has no firewalls and gets no specific rules for local
LANs or authorized users.

Firewalls are front-line defense, for the crap that is too generic /
misconfigured to protect itself.  And there are tons of these.

Anyone ever pentested you?  It's an enlightening experience.

Jeff


