"Marcus J. Ranum" wrote:
>
> This whole firewall "thing" has become an exercise in wishful-thinking
> "have your cake and eat it too" -- and in the long run it's not going to
> work. It only works now because the hackers aren't as smart as
> they and the media think they are.
That would be the curmudgeon view, yes, and I'll confess to being
guilty of it on some of my darker days.
The important difference is that firewalls (as in "the box that all
traffic to the Internet has to pass through") can no longer be used
for risk elimination for meaningful values of "network traffic".
If, indeed, they ever could. Now, it's about risk mitigation, and
it's just one tool of many in securing your network (perimeter).
But do people realize this? Heck no.
- "My web server got infected with Nimda! Your firewall sucks!"
- "Um, no. Look, none of your internal systems got hit in turn by
the web server. The firewall did the job you configured it
to do. We explain this in detail in chapter 1 in the glossy
user's guide."
- "%#@&¤%&@#% I want my money back!"
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Sep 01 2003
Intro
