Phil wrote:
>The observation is this: Firewalls encourage professional laziness.
Sure, just the same as a locked door may never be tested if there is
no professional guard force whose job is to test locks (small digression:
I do not work for the data center, my position is in the Security Department
by design. Part of my job is to rattle the doors and make a report when
one opens).
To me a firewall has two purposes:
1) Block unwanted packets
2) Report occurrences of blocked packets.
Further, neither is known to be effective unless it is periodically tested.
The situation Phil is referring to is one in which step 1 is all that is done,
often because it is less bother (true) but leaves itself open to unnoticed
compromise.
Personally, I like to know when packets are blocked because it is either
someone trying to do "something" or else it is someone who did something in
error. In both cases I want to know about it to make sure that it does not
happen again.
Consider the case of someone on the outside trying to telnet to my router. To
me it is not enough to simply block it, I want to know that it happened and
what the source was. Further, if it is a reported domain, I may want to send
a copy of the report to the owner of *that* system as well.
The reason we put uniforms on guards and write reports is to act as a
deterrent. It works.
Warmly,
Padgett
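As an added example (not part of Padgett's message or the original thread) of the "report, don't just block" point above: assuming the DROP rule is preceded by a matching LOG rule with an assumed prefix of "FW-DROP: " (iptables-style `-j LOG --log-prefix "FW-DROP: "` followed by `-j DROP`), the script below reads the resulting kernel log lines, tallies blocked packets per source, and pulls out exactly the case described, an outside source trying telnet (TCP/23) to the router. All addresses, the log prefix, and the log lines themselves are constructed for the example.

```python
"""Turn firewall LOG lines into the report Padgett asks for: who was blocked,
doing what, how many times. Added example; addresses and log lines are made up
(RFC 5737 documentation ranges), and the "FW-DROP:" prefix is an assumption."""
import re
from collections import Counter, defaultdict

LOG_PREFIX = "FW-DROP:"        # assumed --log-prefix on the LOG rule (constructed)
ROUTER_IP = "198.51.100.1"     # assumed outside address of the router (constructed)
TELNET_PORT = 23

# Constructed sample syslog lines: three blocked sources plus one unrelated
# sshd line to show that non-firewall lines are ignored.
SAMPLE_LOG = """\
Jan 12 03:04:05 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=65535 SYN URGP=0
Jan 12 03:04:06 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=65535 SYN URGP=0
Jan 12 03:09:41 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.44 DST=198.51.100.1 LEN=60 TTL=61 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 SYN URGP=0
Jan 12 03:10:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.1 LEN=84 TTL=57 ID=1 PROTO=ICMP TYPE=8 CODE=0
Jan 12 03:11:17 gw sshd[412]: Accepted publickey for admin from 198.51.100.20 port 50122
"""

KV_RE = re.compile(r"(\w+)=(\S*)")   # key=value pairs; bare flags (DF, SYN) are skipped


def parse_line(line):
    """Return the fields of one blocked-packet log line, or None for other lines."""
    if LOG_PREFIX not in line:
        return None
    _, _, rest = line.partition(LOG_PREFIX)
    fields = dict(KV_RE.findall(rest))
    fields["STAMP"] = line[:15]                     # syslog "Mon dd hh:mm:ss"
    fields["PROTO"] = fields.get("PROTO", "?")
    fields["DPT"] = int(fields["DPT"]) if fields.get("DPT") else None  # ICMP has no port
    return fields


def summarize(text):
    """Map source IP -> Counter of (proto, dport) over every blocked packet."""
    by_src = defaultdict(Counter)
    for line in text.splitlines():
        f = parse_line(line)
        if f:
            by_src[f["SRC"]][(f["PROTO"], f["DPT"])] += 1
    return by_src


def telnet_to_router(text, router_ip=ROUTER_IP):
    """Sources blocked while trying TCP/23 to the router, with attempt counts.
    This is the list you would use to notify the owner of the source network."""
    hits = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if f and f["PROTO"] == "TCP" and f["DPT"] == TELNET_PORT and f["DST"] == router_ip:
            hits[f["SRC"]] += 1
    return hits


def report(text):
    """One human-readable line per blocked source, sorted by source address."""
    lines = []
    for src, counts in sorted(summarize(text).items()):
        items = sorted(counts.items(), key=lambda kv: (kv[0][0], kv[0][1] or 0))
        detail = ", ".join(
            f"{proto}/{dport if dport is not None else '-'} x{n}"
            for (proto, dport), n in items
        )
        lines.append(f"{src}: {detail}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
    for src, n in telnet_to_router(SAMPLE_LOG).items():
        print(f"telnet to router from {src}: {n} attempt(s)")
```

Run against a real system, feed it the kernel log (for example `journalctl -k` or /var/log/kern.log) instead of SAMPLE_LOG; the parser only depends on the `key=value` layout of the kernel's LOG output, so a different prefix just means changing LOG_PREFIX. The point of the exercise is the same as the author's "rattle the doors" remark: the LOG rule is only known to work when a deliberate probe from outside shows up in this report.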