On Thu, 31 Aug 1995, gary flynn wrote:
> This Hannah product looks like what I've been looking for. It puts
> "network security" where it belongs...on the nodes. I liken this
> to putting locks on building doors rather than gates across
> heavily traveled roads. Then the communications infrastructure
> can be upgraded and used as intended...as a communications highway.
> Problems with firewall throughput go away.
[...]
> Is anyone else excited about this product or am I missing something?
I'm not familiar with this particular product. That said, I'd like to
address a couple of point that you make about it.
First, there's the possibility that people will not use the product, or
that their product will not fit all type, styles, and rev levels of
computer on your network. Once one of the systems on your network is
compromised it becomes a safe staging area for attacks on the rest of
your network. Which leads us to ...
Second, the whole reason people put the soft chewy center in the middle
of a very hard shell is so there is a single access point to be
administered. It's one thing to get a good security person to
manage/monitor the firewall through which all traffic flows. It's
another thing altogether (usually thought impossible in any sizeable
installation) to try and have many administrators adequately secure their
systems.
--- David
----------------------------------------------------------------------------
It's *amazing* what one can accomplish when
one doesn't know what one can't do!
Follow-Ups:
References:
|
|
