| If the purpose of your firewall is to protect company secrets, then it
| seems to me that allowing any of the common file transfer protocols
| (ftp, gopher, mosaic, etc. etc.) through the firewall is a potential
| breach of your security policy.

I can carry data in or out of the company on tape if I
want to. Do you search your employees as they leave the building?
Basically, I think this comes down to asking for a technical solution to
a human problem.

I see our firewall as being designed to create a clear
distinction between folks who are friends, and those who are not. I
trust our employees & collaborators to not abuse us.

It would be interesting to be able to watch what people run on
each of our machines, but I think it has the potential to become very
big brotherish 'What's this tinymuck client doing here? Our logs show
you were using it on company time..'

There are companies and organizations who have legitimate
needs to build this kind of security. I don't think that those folks
have much more than cursory uses for firewalls--each of the machines
behind the firewall needs to be carefully maintained and protected as
well. (Not to say that a firewall wouldn't be useful, only that each
host behind it would need to be very carefully maintained, since you
don't trust people behind the firewall.)

Adam Shostack adam @
Politics. From the Greek "poly," meaning many, and ticks, a small,