I think that a lot of IT people with little security training think that a firewall is an all in one solution. I used to work for a place that thought because they had a firewall everything was safe. They didn't keep up on their policies, they didn't check the logs and they didn't patch their systems. I tried to tell them that if the WWW service running on port 80 that the firewall lets in is vulnerable, a firewall won't do jack. They didn't listen :)
<<< "leon" <[EMAIL PROTECTED]> 1/13 11:56a >>>

People commonly compare security to an onion, as both are layered. Firewalling is one layer, hardening is another layer, IDS is yet another layer, then you have physical security, strong authentication, yadda yadda.

However, once you start having layers, security becomes more like a chain (only as strong as your weakest link). So I am not saying don't have layers (the more layers the better), just don't assume that because you have a firewall you don't need to harden (or any combination: I have an IDS and a firewall, who needs to patch?).

Hope everyone is having a nice weekend,
Leon

-----Original Message-----
From: Octavio / Super [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 08, 2002 4:57 AM
To: Omar Koudsi; [EMAIL PROTECTED]
Subject: Re: Hardening VS firewalling ?

If I have to choose _only_ one, then I would go for security patches, but if I use time optimization as a base for my decision, then I would firewall to deny everything except explicitly necessary services and then I would security-patch all of those explicitly allowed services. If time is not of my concern, I would do that, plus I would develop security policies, like more secure passwords, secure practices, I would have the employees/students take a course on computing culture, etc.

Octavio.

At 02:29 a.m. 08/01/2002 0200, Omar Koudsi wrote:
>OK, I know this is more of a theoretical debate, because in reality
>we are able and should do BOTH.
>
>But according to you, which is more important? Paying attention to
>having a great firewall with a great ACL more than hardening and
>patching the systems? Or not have to worry about the firewall or
>having one at all and concentrate on applying best practices to
>OS/APPS and making sure the OS/APPS is up to date on patches?
>
>In the unlikely event that you had to choose one over the other (or
>some people would argue that this is a reality since time is limited
>and you can really concentrate on one), which one would it be and
>why?
>
>Regards,
>
>-----------
>Omar Koudsi
>IT Architect
>Network Security Center
>Special Systems Company
>http://security.sscjo.com
>[EMAIL PROTECTED]
>Tel: (9626) 5664221
>Fax: (9626) 5681557