North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Telco's write best practices for packet switching networks
- From: Rob Quinn
- Date: Wed Mar 06 10:39:02 2002
> When you've got a deployed server, run by clueful people, dedicated to a
> single task, firewalls are not the way to go.
Probably. And I would certainly rate "clueful people" _far_ above a firewall
when it comes times to prioritize your security needs and resources.
> What are you going to do with a firewall?
Compared to your average application, firewalls often have
-better logging (more detail, adjustable, not on the vulnerable device);
-vendors focused on security;
-add-ons like IDS that can benefit from the superior logs;
-firewall admins focused on security and who do security every day;
-better response capability for unplanned/unanticipated security issues.
> chose a resilient and flame tested daemon, and watch the patchlist for it.
You've never seen a security vendor come out with a patch or workaround before
an application vendor?
| Opinions are _mine_, facts Rob Quinn |
| are facts. (703)689-6582 |
| rquinn @ sec.sprint.net |
| Sprint Corporate Security |
| Computer Incident Response Team |