My knowledge of network security is mostly theoretical as I'm new to the field, but let me share my mental model with you.

Let's use this analogy: The king of your local village has commanded you to protect the subjects from the barbarian horde. There are several methods you might use.

You could "harden" each cottage in the village, installing shutters on the windows and big heavy doors. You will also have to teach the villagers to defend themselves and pass out swords and armor. This allows the barbarians to run through the streets and bang on any door they want to without being able to get in. The problem with this method is that there are a lot of barbarians and only one of you. You're going to be very busy making sure that all of the cottages have the latest in shutters and locks. You'll also have the problem of clever barbarians tricking your villagers into opening their doors anyway.

The other option is to build a big wall around the village with a single gate through which all traffic must pass. Now it doesn't matter how many barbarians there are, you can stop most of them at the gate. Some may tunnel under the wall, or sneak in disguised as villagers, but the number of barbarians who are in a position to cause trouble is reduced.

Of course you should do both. If you're starting from nothing, that is, a completely unguarded network with insecure applications and unpatched OS's, it seems to me that a firewall is a good place to *start*. A better solution would be to unplug the router until you have the network secured, but that's almost never an option.

- Wayne Johnson

-----Original Message-----
From: Robert D. Hughes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 12:25 AM
To: [EMAIL PROTECTED]
Subject: RE: Hardening VS firewalling ?

Welp, there was a discussion bordering on a religious war here not too long ago about this very subject. I will, again, state my views. Hopefully this time, without arousing the ire of the other list participants :)

I would say that hardening the OS/Apps (including logins, protocols, etc.) is by far the most important.
I have seen far too many networks where the admins did little if anything to harden the internal systems. Once the intruder got past the perimeter defenses, they invariably had a field day. I believe the technical term for this setup is "the network that's crunchy on the outside, and chewy on the inside". Conversely, I've seen networks with firewalls that did little more than filter broadcast traffic, but with fully hardened systems that intruders couldn't get into.

-----Original Message-----
From: Omar Koudsi [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 07, 2002 6:30 PM
To: [EMAIL PROTECTED]
Subject: Hardening VS firewalling ?

OK, I know this is more of a theoretical debate, because in reality we are able to and should do BOTH. But according to you, which is more important?

Paying attention to having a great firewall with a great ACL more than hardening and patching the systems?

Or not have to worry about the firewall or having one at all and concentrate on applying best practices to OS/APPS and making sure the OS/APPS is up to date on patches?

In the unlikely event that you had to choose one over the other (or some people would argue that this is a reality since time is limited and you can really concentrate on one), which one would it be and why?

Regards,
-----------
Omar Koudsi
IT Architect
Network Security Center
Special Systems Company
http://security.sscjo.com
[EMAIL PROTECTED]
Tel: (9626) 5664221
Fax: (9626) 5681557
