
[no subject]



I'd be interested in your paper if it will be published publicly.  I 
will agree that a 'Defense in Depth' is a good solution. (I for one have 
more than one firewall protecting my home network).  It sounds similar 
to Bob Toxen's 'rings of security' solution.  I suspect the reference to 
'The Onion' is a similar idea.

I see a couple of scenarios here.  The original poster, I believe, was 
referring to a small home network.  In such a situation it might be 
possible to keep a primary firewall and separate software firewalls on 
each computer properly configured and up-to-date.  You have to look at 
the risk.  Most home users are not likely to be subject to individual 
hack attempts, and those that are, are likely running no firewall.  It's 
the old scenario of keeping yourself more secure than your neighbor.  If 
a thief is looking for a car to steal at the mall, he'll likely pass 
over the one that has all the doors locked, for the one with the keys in 
the ignition.  You can't and don't have to make your network impervious, 
but you can make it more secure than the majority of DSL users out there.

It's like the old 'two hikers and a bear' joke.  Hiker A doesn't need to 
outrun the bear, he just has to outrun Hiker B.

Another possible scenario is the business network.  You're just not 
going to have the manpower to keep every desktop computer firewall 
properly configured and up-to-date.  In corporate environments I've seen 
multiple levels of protection, along with properly defined subnets. 
Obviously you'll have firewalls between the internet and your corporate 
network.   Along with those, you'll likely have multiple DMZs and even 
firewalls internally keeping different parts of the corporate network 
separated.  It is highly unlikely you'll find firewall software running 
on every client.  It's just not possible to keep up with such a 
configuration.

-- 
Until later, Geoffrey                     Registered Linux User #108567
Building secure systems in spite of Microsoft


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00467" href="msg00467.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00454" href="msg00454.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> exodous at m-net.arbornet.org (exo)</li></ul></li>
<li><strong><a name="00460" href="msg00460.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> n4zm at mindspring.com (zeb)</li></ul></li>
<li><strong><a name="00462" href="msg00462.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00464" href="msg00464.html">[ale] Good windows firewall ?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>