The thing is, what do you want your firewall to do? What do you understand a firewall does? (No marketing spiels.)

Hardening and firewalling are two completely different things. It's like comparing apples and oranges. But they go hand in hand with securing your site. Generally, if you use a server as a firewall you will be required to harden it before you install the software, to ensure that you have limited the chance or the opportunity for someone to gain control of the box.

You need to have a good firewall (to me it doesn't matter if it's ipchains, iptables, checkpoint-1, gauntlet, etc.) as long as it suits your needs, and is as flexible as your security analyst. But you also need to have the machines that reside on your DMZ hardened and patched with security updates.

To my knowledge, and it is limited :), firewalls are not virus scanners, so how are you going to protect your mail servers from exploits, and the same for IIS servers? This is where hardening and patching come into the game as well.

Essentially, to me it is not one for the other. It is both or nothing.

Kevin

-----Original Message-----
From: Omar Koudsi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 8 January 2002 11:30 AM
To: [EMAIL PROTECTED]
Subject: Hardening VS firewalling ?

OK, I know this is more of a theoretical debate, because in reality we are able and should do BOTH.

But according to you, which is more important? Paying attention to having a great firewall with a great ACL more than hardening and patching the systems? Or not having to worry about the firewall, or having one at all, and concentrating on applying best practices to OS/APPS and making sure the OS/APPS is up to date on patches?

In the unlikely event that you had to choose one over the other (or some people would argue that this is a reality, since time is limited and you can really concentrate on one), which one would it be and why?

Regards,

-----------
Omar Koudsi
IT Architect
Network Security Center
Special Systems Company
http://security.sscjo.com
[EMAIL PROTECTED]
Tel: (9626) 5664221
Fax: (9626) 5681557
