> OK, I know this is more of a theoretical debate, because in reality we
> are able and should do BOTH. 
> 
> 
> But according to you, which is more important? Paying attention to
> having a great firewall with a great ACL more than hardening and
> patching the systems? Or not have to worry about the firewall or
> having one at all and concentrate on applying best practices to
> OS/APPS and making sure the OS/APPS is up to date on patches?

I think there is no real redundancy between the two techniques.
You should always harden your systems, because most systems
are offering their services to the public. Your firewall - if you
can afford it - may inspect traffic to those allowed services, but that's
similar to virus scanners (they don't catch everything).
If your server is open to the public, the public
can do bad things on that port and you cannot close it.

The firewall comes into play when filtering obviously bad packets
and if you want to select only a few clients that may connect
(though this can mostly be done on the server itself, too).
It can do even more, maybe with some IDS, but if it detects
some bad traffic it could be too late already.

You see, for clients your firewall setup may become more important -
[though some users may insist on patching to prevent some bluescreens] -
but for servers hardening must be done as long as they are exposed
to somebody you can't trust.
I won't prefer either in general; it's based on the preferences.
If your servers connect to an internal DB server that is completely
blocked by the firewall, don't spend too much on hardening it,
but if you allow ssh from outside, don't hesitate to patch it
up if necessary.

Have Fun, CU

Boris Koslowski
