I don't need no stinking firewall!

• Previous message (by thread): I don't need no stinking firewall!
• Next message (by thread): I don't need no stinking firewall!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 5, 2010 at 9:20 PM, Rich Kulawiec <rsk at gsp.org> wrote:
> A firewall is another layer in a defense-in-depth strategy, but tends
> to only be truly effective if the first rule in it is
>
>        deny all from any to any

Not surprisingly, good network security starts with and incorporates
the protected users as its most important element. Start with "deny
all" and not only won't they work with you, the more creative among
them will teach the others how to work around you.

I've seen it over and over again and the faulty design always starts
with a deny-all mentality.

Can you imagine a deny-all mentality in physical security? I'm sorry
sir, you can't leave your house until you justify your need to walk
down the street.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

• Previous message (by thread): I don't need no stinking firewall!
• Next message (by thread): I don't need no stinking firewall!
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]