Personally, Id chose a great firewall. Becasue firewalls effectively seperate your business critical apps, services or whatever from the rest of the prying world, youve got a kind of safety net to fall on. Most OS and applications dont come out of the box with gaping exploitable security hazards (key word being MOST :) anyway. Also, depending on what you're running theres always the possibility of some mandatory security update breaking whatever you currently have running so you may end up putting in more work/time than you initially planned. Another point is that the majority of firewall software is put under great scrutiny by their manufacturers. Any vulnerability of even the slightest degree is usually found and patched immediately (as opposed to the various configurations individual apps and OS's are subject to that may take even longer to identify a potential problem). Finally its altogether much more convenient to maintain one or two firewalls as opposed to one or more SERVERS. (though this last point really depends on your specific network layout. Obviously someone with just 1 or 2 machines on a network wont see that much of an advantage as opposed to someone with 10 or 15.)
Hope this helps. -Terry On Monday 07 January 2002 19:29, Omar Koudsi wrote: > OK, I know this is more of a theoretical debate, because in reality we > are able and should do BOTH. > > > But according to you, which is more important? Paying attention to > having great firewall with a great ACL more than hardening and patching > the systems? Or not have to worry about the firewall or having one at > all and concentrate on applying best practices to OS/APPS and making > sure the OS/APPS is up date on patches? > > In the unlikely event that you had to choose one over the other (or some > people would argue that this is a reality since time is limited and you > can really concentrate on one) , which one would it be and why? > > Regards, > > > ----------- > Omar Koudsi > IT Architect > Network Security Center > Special Systems Company > http://security.sscjo.com > [EMAIL PROTECTED] > Tel: (9626) 5664221 > Fax: (9626) 5681557 -- Terry Jordan Systems Administrator GoAntiques, Inc. v. 614-481-5750 f. 614-481-5751 Shop the GoAntiques Network www.goantiques.com <http://www.goantiques.com> AOL Keyword: GoAntiques
