On Thu, 5 Dec 1996 cwg @
> > Because our firewall is on an NT platform and has a good GUI, I can be
> > gone for a couple of weeks and even my boss, a manager, can sit down and
> > make changes to the firewall comfortably. Several other people in the
> > computing department with the passowrd could do the same if they had to.
> > After two years, nobody else could sit down to my Solaris box and do
> > anything except manage to shut things down.
> While you're at it, do you care to announce to the list when your next
> Personally, I don't *want* just anybody to be able to modify the firewall. I
> also don't want "several other people" to have the password to the firewall.
I wholeheartedly agree! But my company does like to have the option of
not being dead-in-the-water if something happens and I, their Great
Security Guru, am unavailable or in Alaska.
For clarification, I didn't say that several people DO make changes to our
firewall. I said several other people COULD make changes if they had to.
For example, if we had a hardware failure (which has happened) they could
fix the hardware and have the operating system knowledge to be able to get
the firewall system up and running again. If the same thing happened on
our Solaris box they would be hard-pressed to do any of the above.
> Chris Garrigues O- cwg @
> Deep Eddy Internet Consulting +1 512 432 4046
> 609 Deep Eddy Avenue
> Austin, TX 78703-4513 http://www.DeepEddy.Com/~cwg/