Hardening VS firewalling ?

From: Omar Koudsi (omark@jeeran.com)
Date: 01/08/02


From: "Omar Koudsi" <omark@jeeran.com>
To: <security-basics@securityfocus.com>
Date: Tue, 8 Jan 2002 02:29:43 +0200

OK, I know this is more of a theoretical debate, because in reality we
are able and should do BOTH.

But according to you, which is more important? Paying attention to
having great firewall with a great ACL more than hardening and patching
the systems? Or not have to worry about the firewall or having one at
all and concentrate on applying best practices to OS/APPS and making
sure the OS/APPS is up date on patches?

In the unlikely event that you had to choose one over the other (or some
people would argue that this is a reality since time is limited and you
can really concentrate on one) , which one would it be and why?

Regards,

-----------
Omar Koudsi
IT Architect
Network Security Center
Special Systems Company
http://security.sscjo.com
omark@sscjo.com
Tel: (9626) 5664221
Fax: (9626) 5681557



Relevant Pages

  • Re: Hardening VS firewalling ?
    ... An IIS box with no patches installed behind the greatest firewall in the ... > all and concentrate on applying best practices to OS/APPS and making ... > sure the OS/APPS is up date on patches? ...
    (Security-Basics)
  • Re: Redoing Cast Iron Tops
    ... Thanks, I needed a dose of reality, it will help over come my ... obsessive -compulsive issues so I can concentrate on developing ... wookworking skills. ...
    (rec.woodworking)
  • Re: help: new XP, cant ping
    ... > I'd bet there's a misconfigured or overlooked firewall. ... I get the same results when I disable the firewall. ... can't ping in either direction. ...
    (microsoft.public.windowsxp.network_web)
  • Re: [more specific] Signature vs. Protocol Analysis
    ... >implicit allow rule with a bunch of explicit denies tacked onto it ... >isn't a sane way to develop a firewall ruleset. ... >is it going to be before we NIDS goons figure out the analagous truth? ... but again it'll take time and reality for it all to sink in. ...
    (Focus-IDS)