[45975] in North American Network Operators' Group
Re: Telco's write best practices for packet switching networks
daemon@ATHENA.MIT.EDU (Rob Quinn)
Wed Mar 6 10:36:55 2002
Date: Wed, 6 Mar 2002 10:35:24 -0500
From: Rob Quinn <rquinn@sec.sprint.net>
To: nanog@merit.edu
Message-ID: <20020306103524.A15441@sec.sprint.net>
In-Reply-To: <gu9ofi1rcwe.fsf@rampart.argfrp.us.uu.net>; from ericb@UU.NET on Wed, Mar 06, 2002 at 02:25:53PM +0000

> When you've got a deployed server, run by clueful people, dedicated to a
> single task, firewalls are not the way to go.

Probably. And I would certainly rate "clueful people" _far_ above a firewall
when it comes time to prioritize your security needs and resources.

> What are you going to do with a firewall?

Compared to your average application, firewalls often have
-better logging (more detail, adjustable, not on the vulnerable device);
-vendors focused on security;
-add-ons like IDS that can benefit from the superior logs;
-firewall admins focused on security and who do security every day;
-better response capability for unplanned/unanticipated security issues.

> chose a resilient and flame tested daemon, and watch the patchlist for it.

You've never seen a security vendor come out with a patch or workaround before
an application vendor?

--
| Opinions are _mine_, facts Rob Quinn |
| are facts. (703)689-6582 |
| rquinn @ sec.sprint.net |
| Sprint Corporate Security |
| Computer Incident Response Team |