If I have to choose _only_ one, then I would go for security patches, but if I use time optimization as a base for my decision, then I would firewall to deny everything except explicitly necessary services and then I would security-patch all of those explicitly allowed services.
If time is not of my concern, I would do that, plus I would develop security policies, like more secure passwords, secure practices, I would have the employees/students take a course on computing culture, etc.

Octavio.

At 02:29 a.m. 08/01/2002 +0200, Omar Koudsi wrote:
>OK, I know this is more of a theoretical debate, because in reality we
>are able and should do BOTH.
>
>
>But according to you, which is more important? Paying attention to
>having a great firewall with a great ACL more than hardening and patching
>the systems? Or not have to worry about the firewall or having one at
>all and concentrate on applying best practices to OS/APPS and making
>sure the OS/APPS is up to date on patches?
>
>In the unlikely event that you had to choose one over the other (or some
>people would argue that this is a reality since time is limited and you
>can really concentrate on one), which one would it be and why?
>
>Regards,
>
>
>-----------
>Omar Koudsi
>IT Architect
>Network Security Center
>Special Systems Company
>http://security.sscjo.com
>[EMAIL PROTECTED]
>Tel: (9626) 5664221
>Fax: (9626) 5681557