On Tue, 21 Feb 1995, Marcus J Ranum wrote:
> Really, you're right - a guard is a kind of firewall, where
> "firewall" is loosely defined: "a system or set of systems that
> implement access controls across a trust boundary." [my current
> favorite definition] But when someone asks for a "firewall" between
> his classified net and his SBU net he is not talking about the
> same kind of critter most of us are when we say "firewall" :)

Too many people seem to have the idea that a firewall will protect a
network against external threat. IMHO, the only true protection is the
system known as the AirGap (tm). "Firewall" is a bad name, in the sense
that it actually punches *controlled holes* through the boundary. The
user is trading some level of risk for some level of convenience. So
long as the risk is small, and the convenience relatively great, the
tradeoff is worth making, but it's still a tradeoff.
Anyone considering or building a firewall should have that outlook.
Any path that connects to the "outside world" is a risk, but is the risk
worth taking?
'Nuf said; I'm going back to work formatting floppy diskettes for
management now. :-)
Frank
--
"Outside of a dog, a book is a man's best friend;
inside of a dog, it's too dark to read." -- Groucho Marx