On Thu, 14 Feb 2002, David Carmean wrote: | My question is: at what point do the benefits of | compartmentalizing functions like this, in their own | (possibly differently-hardened or heterogenous) boxes, | become outweighed by the complexity of configuring, | managing, and monitoring such a setup? The more stuff there | is to configure, especially without scary | remote-administration tools like cfengine, the higher the | probability of a mistake creating a hole. And the higher | the difficulty of testing/validating.
In my experience my dual firewall config has SAVED me from misconfigurations affecting security -- rather that this metric adding to insecurity. A good question, IMHO. Even with dual fw when using morpheus etc my THIRD fw gets tripped all the time -- that is my personal/workstation firewall. (sw) FWIW Im looking into my antivirus arrangements in the same light. One vendor / host may not cut it [anymore]. Go broadband. .silver _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
