> Marcys J. Ranus Writes:
>
> > Really, one shouldn't be connected in the first place without
> > having already done all that stuff. You only run into the problem of
> > having users complaining that things have changed if you did it wrong
> > the first time.
>
Greg Woods writes:
> I am not trying to start a flame war here, just pointing out that
> you can also get into the problem of having to force users to accept
> changes due to circumstances completely beyond your control, such
> as, the net has changed a lot since we first hooked up. And therefore,
> discussing how to break changes to users is an appropriate subject
> for potential firewall administrators to discuss and the fact that
> it is necessary to discuss it does not necessarily indicate poor planning
> or incompetence on the part of those administrators.
>
No matter what you do to your firewall, it will never be perfect.
There are always going to be things that will need to get changed as
more and newer threats/bugs show up. My personal tack on the
matter of changes has been to notify my users that a problem
exists, and that my change is being made to solve a problem.
If users don't like it, then they need to accept the risks, or
convince their management to accept the risks.
Ususally telling a manager that they will have to allocate X users
for Y hours, with Z hours of overtime to repair the damage usually
solves that problem. (Or... promising to quit if the @#$% hits the
fan because of their poor decisions after you informed them of the
right thing to do.)
>>>>>>>Ericw
|
|
