Frederick M Avolio wrote:
> The point of a security mechanism is to offer a certain level of usability
> while offering a certain level of security with a certain level of
> assurance. If we really expect -- which is how I read your word "hope"
> since we can hope all we want... -- it to be 100% we will always be
> disappointed. This is not cynicism or fatalism. It is reality...
Fred (as always) is 100% right on with this statement.
It all comes down to business need, risk assessment and cost effective
security. It's been stated here many times before: if you want a 100%
effective firewall, invest in a set of wire cutters. This of course
shoots "usability" right out of the water. ;)
The reason an organization hooks into the Internet in the first place is
business need (exchange mail with vendors, offer clients Web site
access, VPNs, etc. etc.). Once you establish connectivity, you open
yourself up to a certain level of risk. You can string a half dozen
firewalls together but you will still be susceptible to some level of
risk to attack. This is why it is so important to assess this level of
risk and implement a security plan which is workable on a finite budget
*and* continues to fit the original business need (i.e. "usability").
So the higher your usability requirements, the lower your overall
security. Think of it as the Ying & Yang of firewalling. ;)
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
