Re: Easily configurable firewall?
From: J C Lawrence (claw@kanga.nu)Date: 12/10/01
- Previous message: hvdkooij@vanderkooij.org: "Re: 2 security issues"
- Maybe in reply to: Don Felgar: "Easily configurable firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Johan Helsingius <Julf@Julf.com> Date: Mon, 10 Dec 2001 13:48:09 -0800 From: J C Lawrence <claw@kanga.nu>
On Sat, 08 Dec 2001 10:23:35 +0100
Johan Helsingius <Julf@Julf.com> wrote:
> At 03:06 07/12/2001 -0500, Sebastian Ip wrote:
>> No body in their right minds would VPN each individual
>> workstation by itself.
> Unless they are on a non-secure network, such as a WLAN. The
> "let's have a firewall and keep all the bad things outside"
> mentality is far too simplistic for anything except trivial cases.
True. There's also the segmentation model where you do
application-specific IPSec VPNs, which depending on who you want to
do your compartmentalisation, can be either of the form "everybody
with access to this applications shares a common VPN to access it",
or individual private VPNs, one per station, each VPN containing
only the target client and the server. Yes, its expensive, but
depending on the security models and containment needs, is required
for certain cases.
-- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
- Previous message: hvdkooij@vanderkooij.org: "Re: 2 security issues"
- Maybe in reply to: Don Felgar: "Easily configurable firewall?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
