On Mon, Jul 25, 2005 at 10:05:32PM -0700, Bruno Delbono wrote:

> > how much truth is actually in this article???
>
> It makes a lot of sense and is right on. What I take out of this article is
> that having one single firewall (can be any type: network, application etc.)
> at the perimeter doesn't stop hackers.

It does look like the "before" situation in the article is one where there is only one firewall that separates the LAN from the Internet, and everything on the LAN is treated equally, workstations and servers alike. Generally, that is a bad situation. So, the advice to put different types of machines into different (protected) networks is good. Many people wouldn't go as far as entirely eliminating the outside firewall though; although he says that the desktops run "secure OSes" he also mentions Active Directory. Some would say those two terms don't go well together. :-)

> I don't see what really alarmed you? The author makes excellent points and I
> agree with him.

I also agree, except for the part of eliminating the externally facing firewall entirely.

--
Jurjen Oskam