On 3 Feb 2002, at 22:18, Paul A. Henry wrote:

> Or you could try something that is surprisingly novel /
> innovative in the industry today..... work with the client to
> establish / define a security policy that mitigates the risks that
> the company is really exposed to...... Then and only then; Purchase
> a firewall that meets the requirements outlined and set forth by the
> security policy.

There are actually two significant sub-variants to this:

1. A firewall product is selected, and its capabilities (or the
   client's understanding of them) determine what policies are
   enforceable and to what extent. This can be a poor fit to the
   client's actual *needs*, but is better than several alternatives
   including "nothing" and "security through obscurity".

2. Management, concerned that they need to "do something about
   security", purchases and installs a firewall. No effort is made to
   formulate policy or monitor its operation, but those in charge
   sleep better at night knowing the box is there.

DG
