RE: [fw-wiz] Sources for Extranet Designs?
From: Frederick M Avolio (fred_at_avolio.com)
Date: 02/23/04
- Previous message: Wes Noonan: "RE: [fw-wiz] Sources for Extranet Designs?"
- Maybe in reply to: Baumann, Sean C.: "[fw-wiz] Sources for Extranet Designs?"
- Next in thread: Baumann, Sean C.: "RE: [fw-wiz] Sources for Extranet Designs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Behm, Jeffrey L." <BehmJL@bvsg.com>, 'Wes Noonan' <mailinglists@wjnconsulting.com>, firewall-wizards@honor.icsalabs.com Date: Mon, 23 Feb 2004 13:59:23 -0500
At 11:35 AM 2/23/2004 -0600, Behm, Jeffrey L. wrote:
> >Never grant access to your production network or resources
>
>I was ok up until that last one...
>
>What's the point of connecting them up, if they don't get access to anything
>(isn't stuff in the DMZ *production*? Perhaps you meant
>"Never grant access to your *internal* production network or resources?"
Maybe Wes misspoke, or maybe he was subtly brilliant. (And I'll allow for
*both* possibilities. :-)) Remember the Old Magic from the Early Times?
That which is not expressly permitted...? Minimalism?
(http://www.avolio.com/papers/7tenets.html) How about we start with "Never
grant..." and then start adding the specific systems and services for which
access is required? Brilliant, Wes!
Fred
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Wes Noonan: "RE: [fw-wiz] Sources for Extranet Designs?"
- Maybe in reply to: Baumann, Sean C.: "[fw-wiz] Sources for Extranet Designs?"
- Next in thread: Baumann, Sean C.: "RE: [fw-wiz] Sources for Extranet Designs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
