Firewall Wizards mailing list archives
RE: Code Red: What security specialist don't mention in warnings
From: "Gautier . Rich" <RGautier () drc com>
Date: Thu, 2 Aug 2001 13:49:29 -0400
I'd like to say 'Ditto' to Frank's advice, but also probably caveat that with saying that many places still don't have proper firewalls or packet filters. Server farms are probably a good example of this. People put up websites at a hosting company for $15/month or what have you, and they don't get a firewall/security service with that. They get space on a 'hopefully' up-to-date patched system. $15/month doesn't buy them any security. A lot of network attacks could be prevented by proper firewall techniques at the ISP level. Think about spoofed DoS attacks and other source-routed goodies. Why should an ISP route anything other than the dialed-in IP addresses out from a dial-in modem bank? Why should dial-in customers be using source routing? Can't this stuff be contained at the access points to the Internet with simple packet filters? Yes, but they won't...too expensive or too hard for current staff. Firewalling may solve plenty of problems, but the management problems of separating the haves and have-nots are a much bigger problem than the one or two people who incorrectly configured the firewall. I'd rather congratulate someone for even having a firewall than be angry with them for misconfiguring it. Richard A. Gautier http://rgautier.tripod.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Code Red: What security specialist don't mention in warnings Gautier . Rich (Aug 04)
- <Possible follow-ups>
- RE: Code Red: What security specialist don't mention in warnings Frank Knobbe (Aug 05)