nanog mailing list archives
Re: Firewall opinions wanted please
From: "Alexei Roudnev" <alex () relcom net>
Date: Wed, 17 Mar 2004 22:20:51 -0800
> And I think you have hit it right on the head...another line of defense. Everything I've ever read about security (network or otherwise) suggests that a layered approach increases effectiveness. I certainly don't trust a firewall appliance as my only security device, so I also do prudent things like disable ports and applications that are not in use on my network and enforce authentication and authorization for access to legitimate services.

Unfortunately, it decreases it. If I turn off file sharing on a Windows server, I'll increase security but complicate support (in some cases). If I run an IDS system, I spend time verifying and approving changes done by maintainers. And so on. So, it is very important to have a strong FIRST line of defense (inbound firewalls) and last line (host IDS); it allows bringing a little more efficiency by keeping convenient (but not very secure) protocols inside your internal network. Else, you end up in full paranoia.