[76673] in North American Network Operators' Group
Re: New Computer? Six Steps to Safer Surfing
daemon@ATHENA.MIT.EDU (Fred Baker)
Mon Dec 20 12:07:20 2004
Date: Mon, 20 Dec 2004 09:05:00 -0800
To: Sean Donelan <sean@donelan.com>
From: Fred Baker <fred@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0412182057110.28470@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu

At 09:14 PM 12/18/04 -0500, Sean Donelan wrote:
>I wouldn't rely on software firewalls. At the same store you buy your
>computer, also buy a hardware firewall. Hopefully soon the motherboard
>and NIC manufacturers will start including built-in hardware firewalls.

I guess my question is: why rely on a firewall at all? Yes, a firewall at
ingress to a network will reduce the probability or effectiveness of an
attack from "outside" in many cases. But in many cases the infection is
from "inside", and in any event something in the network or in the end
system at the edge of the network can only really address link and network
layer attacks effectively.

I personally would far rather presume that the end system is responsible
for its own security, and that there are security considerations at every
layer. Reduce the incidence and track attacks with network-based tools, but
in the final analysis build the applications and stack code to withstand
attacks.