sgcccdc @
citec .
qld .
gov .
au (Colin Campbell) writes:
# Eliot Lear [lear @
sgi .
com] wrote (amongst other things) ...
# >
# > Let's face it. Firewalls impede functionality. If, however, you
# > prefer to live with them, we vendors will be happy to work on other
# > projects.
# >
# Project suggestion: `You vendors' plug ALL the holes in ALL (not just
# the latest) versions of your operating systems, to the point where
# firewalls are no longer necessary.
That would certainly help, but I don't think it would be sufficient.
Even if the operating systems were bug-free, the configuration of them
done in the field by sysadmins like you and me almost certainly
wouldn't be.
It's much easier to maintain one firewall than umpteen hundred (or
thousand) configurations on individual machines behind that firewall.
Eliot's right, firewalls impede functionality, but I don't think
that's necessarily a disadvantage.
There are many cases where I _want_ the functionality to be impeded,
because I want a "belt and suspenders" approach to security. I want
to secure things on the individual hosts, _and_ I want a firewall to
guard against these same things which should, in theory, "never
happen".
-Brent
--
Brent Chapman Great Circle Associates
Brent @
GreatCircle .
COM 1057 West Dana Street
+1 415 962 0841 Mountain View, CA 94041
|
|
