As we all know from system security experience, the simplest and
greatest reducer of risk is to implement strict control of passwords.
After that you prioritize based on likelihood of attack, potential for
damage etc. etc.
Within the scope of firewalls, I am sure the same laws apply: there
are probably one or two very simple things an administrator can do.
(Many probably don't simply because they never heard about it). After
that will come a list of things to do/buy that can then be prioritized
on some sort of risk/cost/benefit analysis. How about we get such a
list together, along with some rules of thumb regarding priorities?
Brent, would you be willing to set up and maintain such a document?
Charles Butcher | If a little knowlegde is dangerous, where is the
au | person who has so much as to be out of danger?