Re: Hardening VS firewalling ?
From: Terry Jordan (terry@goantiques.com)Date: 01/08/02
- Previous message: shawn merdinger: "Re: Securing Access to Cisco Routers"
- In reply to: Omar Koudsi: "Hardening VS firewalling ?"
- Next in thread: Johnson, Wayne: "RE: Hardening VS firewalling ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Terry Jordan <terry@goantiques.com> To: "Omar Koudsi" <omark@jeeran.com>, <security-basics@securityfocus.com> Date: Tue, 8 Jan 2002 13:41:54 -0500
Personally, Id chose a great firewall. Becasue firewalls effectively seperate
your business critical apps, services or whatever from the rest of the prying
world, youve got a kind of safety net to fall on. Most OS and applications
dont come out of the box with gaping exploitable security hazards (key word
being MOST :) anyway. Also, depending on what you're running theres always
the possibility of some mandatory security update breaking whatever you
currently have running so you may end up putting in more work/time than you
initially planned. Another point is that the majority of firewall software is
put under great scrutiny by their manufacturers. Any vulnerability of even
the slightest degree is usually found and patched immediately (as opposed to
the various configurations individual apps and OS's are subject to that may
take even longer to identify a potential problem). Finally its altogether
much more convenient to maintain one or two firewalls as opposed to one or
more SERVERS. (though this last point really depends on your specific network
layout. Obviously someone with just 1 or 2 machines on a network wont see
that much of an advantage as opposed to someone with 10 or 15.)
Hope this helps.
-Terry
On Monday 07 January 2002 19:29, Omar Koudsi wrote:
> OK, I know this is more of a theoretical debate, because in reality we
> are able and should do BOTH.
>
>
> But according to you, which is more important? Paying attention to
> having great firewall with a great ACL more than hardening and patching
> the systems? Or not have to worry about the firewall or having one at
> all and concentrate on applying best practices to OS/APPS and making
> sure the OS/APPS is up date on patches?
>
> In the unlikely event that you had to choose one over the other (or some
> people would argue that this is a reality since time is limited and you
> can really concentrate on one) , which one would it be and why?
>
> Regards,
>
>
> -----------
> Omar Koudsi
> IT Architect
> Network Security Center
> Special Systems Company
> http://security.sscjo.com
> omark@sscjo.com
> Tel: (9626) 5664221
> Fax: (9626) 5681557
--Terry Jordan Systems Administrator GoAntiques, Inc.
v. 614-481-5750 f. 614-481-5751
Shop the GoAntiques Network www.goantiques.com <http://www.goantiques.com>
AOL Keyword: GoAntiques
- Previous message: shawn merdinger: "Re: Securing Access to Cisco Routers"
- In reply to: Omar Koudsi: "Hardening VS firewalling ?"
- Next in thread: Johnson, Wayne: "RE: Hardening VS firewalling ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
