Telco's write best practices for packet switching networks

Rob Quinn rquinn at sec.sprint.net
Wed Mar 6 15:35:24 UTC 2002


> When you've got a deployed server, run by clueful people, dedicated to a
> single task, firewalls are not the way to go.

 Probably.  And I would certainly rate "clueful people" _far_ above a firewall
when it comes times to prioritize your security needs and resources.

> What are you going to do with a firewall?

 Compared to your average application, firewalls often have
 -better logging (more detail, adjustable, not on the vulnerable device);
 -vendors focused on security;
 -add-ons like IDS that can benefit from the superior logs;
 -firewall admins focused on security and who do security every day;
 -better response capability for unplanned/unanticipated security issues.

> chose a resilient and flame tested daemon, and watch the patchlist for it.

 You've never seen a security vendor come out with a patch or workaround before
an application vendor?

-- 
| Opinions are _mine_, facts                                     Rob Quinn |
| are facts.                                                 (703)689-6582 |
|                                                  rquinn @ sec.sprint.net |
|                                                Sprint Corporate Security |
|                                          Computer Incident Response Team |



More information about the NANOG mailing list