Great Circle Associates Firewalls
(October 1996)
 


Subject: firewalls and the clue-challenged
From: chris michael <cm @ rmsbus . com>
Date: Sat, 26 Oct 1996 07:12:56 +0700
To: firewalls @ GreatCircle . COM

I'd like to challenge what seems to be the prevailing attitude of this
group--that you have to be a pocket-protector type geek to *operate* a
firewall.  No doubt many of the people who read this list are involved with
security for large corporations with lots of attractive targets--they
clearly need to be as smart, informed and paranoid as possible.

Let's look at another possibility.  Let's consider a fairly small
company--couple of hundred PC's, a couple of Unix boxes that they run
commercial applications on and an NT server or two.  They use MS Exchange
for e-mail.  They want to connect to the internet for mail, web access and
someday they'll probably put up their own web server.  Their computer
support staff consists of a pc person, someone who writes reports using MS
Access, and an operations person.  

So they want to connect to the Internet.  What are they going to do?
1.  They could call up an ISP, hook up a router and they're on.  No
security at all.
2.  If they're a little more hip they might get their ISP to put some
filters on their router giving them some limited security from the most
simple of attacks.
3.  They might hire a consultant to come install a firewall.  Assuming it's
a good firewall and correctly configured this gives them orders of
magnitude more protection than the first and second options even if they
don't really understand its operation.  Gauntlet, the firewall I'm most
familiar with, once installed seems to just keep running and cranking out
those daily reports.  How much more does the average company need than
that?  I'd argue that they're far more at risk from other kinds of attacks
than from someone getting through the firewall.

So it seems to me that we should applaud the efforts of people who are
struggling to do the right thing in an environment that doesn't support the
theoretically correct solution of having a security expert on staff.  I'm
not saying that we shouldn't point out that people need to seek
professional assistance, but that we recognize that not everyone needs to
be or can afford to be as secure as an AT&T or an IBM.

Just my 2 cents.  ;-)

Chris
---
christopher michael*rms business systems*<cm @ rmsbus . com>

