Barney Wolff wrote:
>In the good old days, the definition of "firewall" was "that which
>implements your security policy" rather than "the box with that label".

Hey!!! I remember that definition!! <LOL> .. I ought to.....

>The implication of this reasoning is clear: If you don't control the
>internal tunnel endpoint(s), you don't control your security policy.

Yup. The problem is that there's so much shovelware, spyware, trojanware,
and social-engineerware that you DON'T really control the endpoints, you
just think you do. I've seen waaaay too many companies think "we have a
firewall, so we don't need to worry" - and not have antivirus software on
their interior machines because they are "safe" behind the firewall. It's
scary. :( We made a big mistake when we started building firewalls that
allowed outgoing connections that were not individually authenticated and
associated with a human user's request.
mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjr_at_ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 07 2003