[55331] in North American Network Operators' Group
Re: management interface accessability (was Re: Worm / UDP1434)
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Mon Jan 27 14:57:28 2003
Date: Mon, 27 Jan 2003 14:56:51 -0500 (EST)
From: alex@yuriev.com
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.33.0301262014170.5234-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
> > their computers on 24x7. They may be infected, and will fire up their
> > VPN tunnels Monday morning. This may introduce the worm into the chewy
> > center of many corporate networks. Hopefully folks have put the proper
> > filters in place on their VPN access points.
>
> Wait, but isn't your corporate network 'secure' cause its got a super kewl
> firewall infront of it??
The problem is not firewall. The firewall is a tool to implement a security
policy. If the security policy is wrong, a firewall wont help you. In fact,
the best demonstration of a firewall is a Cat5 cable. Working cable is a
firewall with Allow:Any security policy. Cut in two, the cable is a firewall
implementing Allow:None security policy.
Alex
