On Sunday, March 23, 2014 09:05:54 PM Cb B wrote: > i would say the more appropriate place for this policy is > the printer, not a firewall. For example, maybe a > printer should only be ULA or LLA by default. > > i would hate for people to think that a middle box is > required, when the best place to provide security is in > the host. Other layers are needed as required, but it > is sad that we don't look to the host it self as a first > step.
I would support adding security at the host-level, especially because with a centralized firewall, internal infrastructure is usually left wide open to internal staff, with trust being the rope we all hang on to to keep things running. However, if pratical running of the Internet has taught us anything, host-based firewalling (especially in purpose- specific devices like printers, Tv sets, IP phones, IP cameras, e.t.c.) is a long way away from what you can get with a centralized firewall appliance. Do I like it? No. I run a simple packet filter (IPfw) on my MacBook - it does what I need. But we know Joe and Jane won't want things they can't click; and even though they had things they could click, they don't want to have to understand all these geeky things about their computers. Mark.
signature.asc
Description: This is a digitally signed message part.
