>>Looks like all the ratings and such arent helping the military:
> I don't get it.
> On one hand, we have folks demanding to know why they can't
>connect to the Internet and "do everything we want, and with perfect
>security too!" And on the other hand, we have folks laughing at the
>military when they get broken into.
> Anyone see an inconsistency here?
>No inconsistency, human nature always wants to have the cake and eat it.
>Maybe also that most folk dont really understand security. Reading
>'Firewalls' it seems to me that many are more motivated by the technology
>than the need to fit it.
>What doesnt help the intelligent understanding of the subject is the type of
>media hype which chris posted on Firewalls - not his fault, he just read it
>and passed it on.
>The fact is that there is a lot of available technology (much of it appears
>to be invisible to the Firewall community), and the only way you can be sure
>you spend funds wisely and hit the balance between access
>control/restriction and availability is to build and maintain an effective
I'm involved in an effort to define an effective Risk Policy for our
site. After reading the 'Firewalls' book, monitoring the firewalls
discussion lists, and reading various white papers, I'd have to agree
that "many are more motivated by the technology than the need to fit
it," or at least tend to write about the technology more.
We're trying to focus on a requirements analysis before jumping into
product procurement/implementation. However, most of the technical
literature seems to be targeted to product procurement/implementation
and not requirements analysis. Are there any examples of an "effective
Risk Policy" out there, or discussions of how network security works
with node security to ensure that a site is not penetrated?
Enterprise Core Network Team ras @
Design Support Engineering ras @
Rockwell International ras%27746 .
400 Collins Road NE M/S 106-103
Cedar Rapids, IA 52498
Voice: 319/395-3863 Comments expressed are strictly my own and are not to
FAX: 319/395-5999 be construed as statements endorsed by my employer.