Re: [fw-wiz] A fun smackdown...
From: Paul D. Robertson (paul_at_compuwar.net)
Date: 05/19/05
- Previous message: Paul D. Robertson: "Re: [fw-wiz] A fun smackdown..."
- In reply to: Chuck Swiger: "Re: [fw-wiz] A fun smackdown..."
- Next in thread: Chuck Swiger: "Re: [fw-wiz] A fun smackdown..."
- Reply: Chuck Swiger: "Re: [fw-wiz] A fun smackdown..."
To: Chuck Swiger <chuck@codefab.com>
Date: Thu, 19 May 2005 17:45:40 -0400 (EDT)

On Thu, 19 May 2005, Chuck Swiger wrote:
> Paul, why *don't* people run their firewalls with a single "deny all"
> rule?
>
Actually, thinking about it, because it's cheaper to just not connect
systems that don't need the risk, and you lose the risk of implementation
errors in the firewall, configuration errors, and it then takes physical
presence to bridge the gap, reducing the rate of attack (which is probably
extremely low anyway).

Now I've got one for you: why do some people run firewalls with a single
"allow all" rule, and what can you do to make that less risky than the
"deny all" example?
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul@compuwar.net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards