I would choose hardening, because ultimately (in general) it is a host that is being compromised, not a network (at least not directly). You can firewall all you want, but if you are not configuring the services securely that you DO let through, then you are still at great risk. Additionally, if you remove services from running on a server or host, then the need for firewalling diminishes. It does not disappear, of course.
For example, you firewall out port 111, RPC, and others, but you have an FTP server running, not chroot'ed, with anonymous rwx access. Or, you remove RPC and other unnecessary services, chroot FTP and remove or restrict anonymous FTP access. OK, that's a little exaggerated, but you get my point. No firewalling leaves you vulnerable to network attacks, DoS, and others, of course.

Hope that helps.

-Jeff

Omar Koudsi wrote:
>
> OK, I know this is more of a theoretical debate, because in reality we
> are able and should do BOTH.
>
> But according to you, which is more important? Paying attention to
> having a great firewall with a great ACL more than hardening and patching
> the systems? Or not having to worry about the firewall or having one at
> all and concentrating on applying best practices to OS/APPS and making
> sure the OS/APPS is up to date on patches?
>
> In the unlikely event that you had to choose one over the other (or some
> people would argue that this is a reality since time is limited and you
> can really concentrate on one), which one would it be and why?
>
> Regards,
>
> -----------
> Omar Koudsi
> IT Architect
> Network Security Center
> Special Systems Company
> http://security.sscjo.com
> [EMAIL PROTECTED]
> Tel: (9626) 5664221
> Fax: (9626) 5681557
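As an added example, not part of the thread: a small POSIX shell audit that checks a vsftpd configuration for the two weaknesses Jeff's FTP example describes, anonymous write access and local users left un-chrooted. The directive names are vsftpd's own (from vsftpd.conf(5)); the two sample config files are constructed here for the demonstration, and the function names are my own.

```shell
# Audit a vsftpd config for the weaknesses described above (added example).
# Assumes vsftpd directive names; sample configs below are constructed.

# get_directive FILE KEY DEFAULT -> value of KEY, or DEFAULT if the line is absent
get_directive() {
    val=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]')
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd_conf FILE -> prints findings, returns 1 if anything risky was found
audit_vsftpd_conf() {
    conf=$1; rc=0
    # vsftpd's compiled-in default for anonymous_enable is YES, so a missing line counts as YES
    if [ "$(get_directive "$conf" anonymous_enable YES)" = "YES" ]; then
        if [ "$(get_directive "$conf" anon_upload_enable NO)" = "YES" ] ||
           [ "$(get_directive "$conf" anon_mkdir_write_enable NO)" = "YES" ]; then
            echo "RISK: anonymous users can write into the FTP tree"
            rc=1
        fi
    fi
    if [ "$(get_directive "$conf" local_enable NO)" = "YES" ] &&
       [ "$(get_directive "$conf" chroot_local_user NO)" != "YES" ]; then
        echo "RISK: local users are not chrooted to their home directories"
        rc=1
    fi
    return $rc
}

# Constructed sample configs: the weak setup from the post and a hardened one
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
local_enable=YES
write_enable=YES
EOF
cat > "$tmp/hardened.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
write_enable=NO
EOF

for f in weak hardened; do
    echo "== $f.conf"; audit_vsftpd_conf "$tmp/$f.conf" || echo "(needs hardening)"
done
```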