[68845] in North American Network Operators' Group


Re: Firewall opinions wanted please

daemon@ATHENA.MIT.EDU (Erik Haagsman)
Wed Mar 17 16:09:19 2004

From: Erik Haagsman <erik@we-dare.net>
Reply-To: erik@we-dare.net
To: bep@whack.org
Cc: Petri Helenius <pete@he.iki.fi>, Rachael Treu <rara@navigo.com>,
	Gregory Taylor <greg@xwb.com>, nanog@merit.edu
In-Reply-To: <4058B896.7090208@whack.org>
Date: Wed, 17 Mar 2004 22:08:39 +0100
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 2004-03-17 at 21:44, Bruce Pinsky wrote:
> Everything I've ever read about security (network or otherwise) suggests
> that a layered approach increases effectiveness.  I certainly don't trust a
> firewall appliance as my only security device, so I also do prudent things
> like disable ports and applications that are not in use on my network and
> enforce authentication and authorization for access to legitimate services.

Good point...and that's exactly why in some cases, especially in SOHO
and SMB oriented products, both hardware as well as software vendors can
be part of the security problem by advertising their products as the
definite solution to all security holes. Truly securing even a single
server or host connected to the Internet entails a lot more than just
blocking a few ports, let alone securing a network. By marketing "the
perfect solution" to not-too-clueful admins the actual security holes
only get bigger and harder to track.

-- 
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31.10.7507008
fax: +31.10.7507005
http://www.we-dare.nl
