>From firewalls-owner @
COM Fri Sep 8 13:18:06 1995
>From: ris1!nmti .
>Date: Fri, 8 Sep 95 15:27:19 -0400
>OK folks, imagine there was to be a firewall certification authority. Who
>would you want them to be? Who do you trust?
I thought we already went through this last month :-(
"Trust but verify independantly" is the common auditors approach.
"Trust no one" is the common thinking on firewalls. Please don't get me
wrong, its not that reputable firewall vendors and code writers are not
striving for 100% safe. Its just that anyone can make a mistake
(I'm probably making one right now by getting sucked into this)
So how do you sleep at night?
Well imho you sleep by first learning to live with a little risk
and second by giving yourself more than one layer of protection.
The "onion" approach to security. :-)
Multiple layers, and not all the layers being equal or from the same vendor
will give you a better chance at detecting intrusions, and a better change
at stopping the intrusion before it costs you/your-company significant
Place your more sensative data ($$$) closer to the center of the onion
and the "more public" (less $$$) closer towards the outside of the onion
and you will start getting warm-n-fuzzy and be able to sleep better.
The reason I use the onion model is because like an onion the more layers
you make users peel away to get to the data they need the more they are
going to cry about it :-).
Brad Powell : brad .
Sr. Network Security Consultant
SunNetworks, Sun Microsystems Inc.
The views expressed are those of the author and may
not reflect the views of Sun Microsystems Inc.