North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Firewall opinions wanted please
- From: Alexei Roudnev
- Date: Thu Mar 18 01:24:26 2004
>
> And I think you have hit it right on the head...another line of defense.
> Everything I've ever read about security (network or otherwise) suggests
> that a layered approach increases effectiveness. I certainly don't trust
a
> firewall appliance as my only security device, so I also do prudent things
> like disable ports and applications that are not in use on my network and
> enforce authentication and authorization for access to legitimate
services.
Unfortunately, it decreases it.
If I turn off file sharing on Windows server, I'll increase security but
complicate support (in some cases).
If I run ids system, I spend time, verifying and approving changes done by
maintaineers. And so on.
So, it is very important to have a strong FIRST line of defense (inbound
firewalls) and last line (host IDS); it allows to bring little more
efficiency by keeping convenient (but not very secure) protocols inside your
internal network. Else, you end up in full paranoya.
|
