Network Segmentation Approaches

• Previous message (by thread): Network Segmentation Approaches
• Next message (by thread): Network Segmentation Approaches
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 06, 2015 at 03:30:01PM -0700, Scott Weeks wrote:
> --- rsk at gsp.org wrote:
> From: Rich Kulawiec <rsk at gsp.org>
> 
> The first rule in every firewall is of course 
> "deny all" and subsequent rulesets permit only 
> the traffic that is necessary.  
> ------------------------------------
> 
> I think you got this backward?  That way all 
> traffic is blocked, so none is allowed through.  

Nope, I said exactly what I intended (and what I do, in practice).
Doing so forces one to understand in detail what traffic actually
needs to pass in/out and to craft specific rules for it.  This in
turn helps avoid making mistake #1:

	The Six Dumbest Ideas in Computer Security
	http://www.ranum.com/security/computer_security/editorials/dumb/

---rsk

• Previous message (by thread): Network Segmentation Approaches
• Next message (by thread): Network Segmentation Approaches
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]