Back to the "crunchy on the outside, chewy on the inside" vs. "tough to chew through and through", huh? I've seen it well implemented both ways. My PERSONAL preference is that a firewall is not needed for a network if EVERYONE on that net using EVERY system is fully versed in hardening methods. It only takes one to hose things up, though. I've seen a laboratory like this, for instance. But even then, wouldn't hurt. Otherwise, you gotta watch out - it is tough to make things foolproof because fools are so ingenious.

V/R
Jim

Omar Koudsi wrote:
[snip]
> But according to you, which is more important? Paying attention to
> having a great firewall with a great ACL more than hardening and patching
> the systems? Or not have to worry about the firewall or having one at
> all and concentrate on applying best practices to OS/APPS and making
> sure the OS/APPS is up to date on patches?
[snip]

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566