On September 30, 2001 11:17 pm, Kurt Wall wrote:
> Chang wrote:
> % you were talking about damages from within? well... what can I say...
> %
> % > Relying on a firewall alone is not "security" to any kind of professional
> % > industry standard. Unfortunately, it is a very common configuration.
>
> No, what Burns meant (if I may) is that far too many organizations
> believe a firewall is sufficient protection against attack, which it
> isn't. <snip>
>
> Properly conceived security is comprised of layers of protection, not
> some electronic equipment of the Maginot line that airplanes can fly
> right over.
>
Exactly. Most proper, industry-grade security includes 'defense-in-depth' and, as a minimum, a 'DMZ'... essentially a "kill zone" between layers where intruders can be identified and dealt with before they breach the inner layer of defense. Typically, intrusion detection systems (IDS) sit off to the side, monitoring this DMZ.

Remember, almost by definition, every firewall is pierced to allow qualified traffic through. This means that every firewall can be breached; it's just a matter of when, how and by whom.

Physical safeguards alone are not enough either. A very large proportion of breaches and compromises can be traced back to poor procedures and security practices - such as failing to keep patches current, use of weak passwords and other forms of authentication, failing to change default passwords, etc.

But you are right, Chang, industry analysts estimate that as much as 40-60 percent of security incidents in corporate networks are caused from within. These are more difficult to deal with, but there are also methods for doing just that, such as using fireguards, non-intrusive usage pattern monitoring, creating 'access communities' or work-based access restrictions, etc.

--
burns

_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc -> http://linux.nf/mailman/listinfo/linux-users