On the GNAC firewall list [EMAIL PROTECTED] wrote:
>Layered firewalls refer to multiple layers of defense with increasingly
>granular rules and an increasingly smaller trust group as you get deeper in
>the organization.
OK.
Isn't that view (essentially concentric security perimeters) a
bit restrictive?
Here at Solsoft we advocate partitioning, which is to say that
we define (usually non-concentric) security domains, each with a
security perimeter.
In fact, we define as many as possible; every time you have
a domain that /can/ be cut off from the rest of the world by
routers or firewalls, and there is even a slight interest in
putting a filter, there goes a filter.
Not only do you protect yourself from the exterior, but you also
protect the accountants, salespeople, production people, network
servers, etc. from each other.
After all, I've seen studies say that 80% of computer crime (by
unauthorized computer use) is of internal origin. That's a lot.
Even if it's less, it's still a lot.
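
The partitioning approach described in this message, as an added example that is not part of the original post and is not Solsoft's code: segments that can be cut off by a router or firewall become separate domains, each filtering link is a filter point, and traffic between domains is denied unless explicitly allowed. The topology, segment names and allow list are constructed assumptions.

```python
from collections import defaultdict

# Constructed topology: (segment, segment, link passes through a router/firewall?)
LINKS = [
    ("internet", "dmz", True),
    ("dmz", "backbone", True),
    ("backbone", "accounting", True),
    ("backbone", "sales", True),
    ("backbone", "production", True),
    ("backbone", "servers", True),
    ("accounting", "payroll", False),      # plain switch, nothing can filter here
    ("sales", "sales-printers", False),
]
# Constructed policy: the only cross-domain flows that are explicitly allowed.
ALLOW = {("sales", "servers"), ("accounting", "servers")}

def security_domains(links):
    """Map each segment to its domain. Segments joined only by non-filtering
    links share a domain; every filtering-capable link is a perimeter."""
    parent = {}

    def find(seg):
        parent.setdefault(seg, seg)
        while parent[seg] != seg:
            parent[seg] = parent[parent[seg]]  # path halving
            seg = parent[seg]
        return seg

    for a, b, can_filter in links:
        root_a, root_b = find(a), find(b)
        if not can_filter:
            parent[root_b] = root_a
    groups = defaultdict(set)
    for seg in list(parent):
        groups[find(seg)].add(seg)
    return {s: frozenset(m) for m in groups.values() for s in m}

def filter_points(links):
    """Links where a filter belongs: filtering-capable and between two domains.
    A filtering link bypassed by an unfiltered path is skipped (same domain)."""
    dom = security_domains(links)
    return [(a, b) for a, b, f in links if f and dom[a] != dom[b]]

def permitted(src, dst, links=LINKS, allow=ALLOW):
    """Default deny between domains; traffic inside one domain is not filtered."""
    dom = security_domains(links)
    return dom[src] == dom[dst] or (src, dst) in allow
```
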