Telco's write best practices for packet switching networks
Rob Quinn
rquinn at sec.sprint.net
Wed Mar 6 15:35:24 UTC 2002
> When you've got a deployed server, run by clueful people, dedicated to a
> single task, firewalls are not the way to go.
Probably. And I would certainly rate "clueful people" _far_ above a firewall
when it comes times to prioritize your security needs and resources.
> What are you going to do with a firewall?
Compared to your average application, firewalls often have
-better logging (more detail, adjustable, not on the vulnerable device);
-vendors focused on security;
-add-ons like IDS that can benefit from the superior logs;
-firewall admins focused on security and who do security every day;
-better response capability for unplanned/unanticipated security issues.
> chose a resilient and flame tested daemon, and watch the patchlist for it.
You've never seen a security vendor come out with a patch or workaround before
an application vendor?
--
| Opinions are _mine_, facts Rob Quinn |
| are facts. (703)689-6582 |
| rquinn @ sec.sprint.net |
| Sprint Corporate Security |
| Computer Incident Response Team |
More information about the NANOG
mailing list