Re: Firewall Placement Question

["Dale W. Carder" <dwcarder () wisc edu>]

On Feb 20, 2008, at 8:36 PM, jason () tacorp com wrote:
> The network which I manage is a university network that hasn't been  
> looked
> after very well with regards to security and access control.

Welcome to academia.

> Lastly, is anyone doing any kind of filtering inside the network or is
> only done at the border?

First off, the idea of a border is a fallacy.  Laptops come and go,
people come and go, and you have 0% control of this.  In addition a
"border" is hard to scale, as firewalls that can do 10G line rate
with millions of sessions are only just now appearing.

We have been continuing to divide and conquer by department and
research lab.  For example, there is no reason for the ancient german
literature department to be able to reach the monkey torture lab
or the nuclear reactor.  We have ~175 firewall contexts deployed
to date and we're perhaps 1/3 of the way through this 1st round.
We have also been segmenting our main data center further.  I
will not lie, this has been a huge project with dozens of people
involved.

> The question is: given that we are working to take historically  
> abusive
> users off the network, is it really worth the time...

You're missing the point.

The business driver you should be looking at foremost is protecting
your data and intellectual property.  You're in the business of
generating patents, spinning off companies, publishing ideas, and
you happen to teach on the side.  Your data is subject to HIPPA,
FERPA, etc.

Protect your core businesses.

Dale

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards