[many people asserting that perfect firewalls exist]
Nah.
I'm with the Mikes.
Faith and Optimism are both dangerous traits in a security person, IMO. One
should never have "faith" that a system is secure because that reduces ones
drive to audit. One should never be optimistic about the likelihood of a
class of attack - that reduces ones comittment to close the hole.
Security is about smart people who are good at assessing risks. Never forget
what a _business_ wants out of security - they want a managed risk position
without spending more money than is required. They don't perfect security -
they want ENOUGH security. It's working out exactly how much is "enough"
that's the hard part.
Cheers,
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
