Even more fundamental is the realization that you simply can't
protect everything and that global network security perimeters
are less and less effective.
We need to get back to the basics of risk management based upon
data sensitivity and protecting what is important while
facilitating access to that which should be shared.
As a designer of firewalls when the term was foreign, firewalls
are about blocking access not enabling it. As companies communicate
more and more richly then firewalls with a poorly secure internal
network become / are a major risk.
A distributed security architecture is required not just a solid
wall.
I can penetrate the wall and while the guards are looking outwardly
make off with the gold without detection.
;-)
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 18, 2001 1:05 PM
> To: '[EMAIL PROTECTED]'
> Subject: Re: Firewalls, packet filters, proxies, etc
>
>
>
> Hi,
>
> >Companies must eliminate the mindset that any one firewall
> is their answer
> >to being protected. It takes a combination of different
> software, hardware
> >and good people that want to continue to learn.
>
> Hear, hear! No one firewall, no one IDS, and no "one" of
> anything other
> >component< is the answer. But I'd even take your conclusion a step
> further, and say not only is it good people that want to
> continue to learn,
> but good people that want to continue to teach. You can build
> a wonderful
> system with IDS's, firewalls, screening routers, DMZs, authentication
> tokens and the like, and none of it will help if you don't include the
> social engineering component. All of the equipment and the
> skilled system
> administrators won't help if the receptionist believes that
> the guy on the
> phone really is testing something on the database server and
> they need her
> password...
>
> Mark
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
