New Computer? Six Steps to Safer Surfing
Fred Baker
fred at cisco.com
Mon Dec 20 17:05:00 UTC 2004
At 09:14 PM 12/18/04 -0500, Sean Donelan wrote:
>I wouldn't rely on software firewalls. At the same store you buy your
>computer, also buy a hardware firewall. Hopefully soon the motherboard
>and NIC manufacturers will start including built-in hardware firewalls.
I guess my question is: why rely on a firewall at all? Yes, a firewall at
ingress to a network will reduce the probability or effectiveness of an
attack from "outside" in many cases. But in many cases the infection is
from "inside", and in any event something in the network or in the end
system at the edge of the network can only really address link and network
layer attacks effectively.
I personally would far rather presume that the end system is responsible
for its own security, and that there are security considerations at every
layer. Reduce the incidence and track attacks with network-based tools, but
in the final analysis build the applications and stack code to withstand
attacks.
More information about the NANOG
mailing list