>
> My opinion is that there should be only one firewall, solely used to do jobs
> that are not handled by other hosts. then, set up a secure web server, a secure
> mail server, ... and let each do their job. so, yes I vote for
> multi-host-based-security,
> MHBS (anyone to sell this to the press, so that we have a laugh...). this
> is just
> distributed computing, an old idea. Currently, it is not easy to distribute
> security.
> but I am certain that if enough people handle it, it'll be done.
>
>
I thought popular oppinion on this issue was it meant having units working
in conjunction with one another in the old 'onionskin' tradition as well;
routers block things the firewall and web servers and such should never
see.
toss in tcp wrappers in case all hell falls out and the firewalls drops
off or becomes potentially exploitable remotely.
seperate important business departments, especially those handleing more
delicate information from the users at large with router ACL's/firewalls
and of course as you mention, hardened hosts serving the needs ot the
many, all machines patched up current...
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
