Welp, there was a discussion bordering on a religious war here not too long ago about this very subject. I will, again, state my views. Hopefully this time, without arousing the ire of the other list participants :)
I would say that hardening the OS/Apps (including logins, protocols, etc.) is by far the most important. I have seen far too many networks where the admins did little if anything to harden the internal systems. Once the intruder got past the perimeter defenses, they invariably had a field day. I believe the technical term for this setup is "the network that's crunchy on the outside, and chewy on the inside". Conversely, I've seen networks with firewalls that did little more than filter broadcast traffic, but with fully hardened systems that intruders couldn't get into. -----Original Message----- From: Omar Koudsi [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 6:30 PM To: [EMAIL PROTECTED] Subject: Hardening VS firewalling ? OK, I know this is more of a theoretical debate, because in reality we are able and should do BOTH. But according to you, which is more important? Paying attention to having great firewall with a great ACL more than hardening and patching the systems? Or not have to worry about the firewall or having one at all and concentrate on applying best practices to OS/APPS and making sure the OS/APPS is up date on patches? In the unlikely event that you had to choose one over the other (or some people would argue that this is a reality since time is limited and you can really concentrate on one) , which one would it be and why? Regards, ----------- Omar Koudsi IT Architect Network Security Center Special Systems Company http://security.sscjo.com [EMAIL PROTECTED] Tel: (9626) 5664221 Fax: (9626) 5681557
