On Thu, 1 Feb 1996, Ed Woodrick wrote:
> I know that this is probably a radical answer, but what about using =
> Novel access permissions to restrict access to the data? I don't know =
> why you would want to go to the trouble of putting up firewalls when =
> just a simple permission change should work. It's a lot easier and I =
> expect a lot safer to perform security at the operating system level =
> than at the network level.
That goes back to the host-level security vs. network-level security.
There are many good reasons why host-level security is not usually
feasible, the biggest being that it is not very scalable. For every new
machine you install and attach to the LAN, you have to implement security
measures. One also assumes that each individual on each host does not have
the ability or knowledge to change the host-level security features.
With network-level security, there is (theoretically) one point of
potential access, which can be (theoretically) maintained by one entity
(whether it's one person or one group of people) who can (again,
theoretically) ensure that security policies are adhered to.
Chris Woods Systems Administrator
com Paladin Computing Solutions
"Never underestimate the destructive power of a backhoe." -Brent Chapman