Re: Stateful protection for Exchange servers
From: Rob Hughes (rob_at_robhughes.com)
Date: 08/20/04
- Next message: Rob Hughes: "Re: Lost connection to shared drive/computer after install Win XP"
- Previous message: Cliff: "Internet Connection Sharing & ZoneAlarm"
- In reply to: kenw_at_kmsi.net: "Re: Stateful protection for Exchange servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 Aug 2004 05:27:35 -0500
kenw@kmsi.net is alleged to have said in comp.security.firewalls:
> Rob Hughes <rob@robhughes.com> wrote:
>
>>Heh... you've never worked with an Intrusion "appliance" then, have
you? :p
>>
>>But I do have to agree with Wolfgang. Build the requirements and policy
>>first, and allow the design choices to flow from those. Allowing the
design
>>to dictate the policy is just foolish, IMHO. Both will have to be balanced
>>with the Customer's abilities, but training and a support contract can go
a
>>long way towards alleviating any shortcomings there.
>
> One of the things that always creeps into conversations like this is
> assumptions about the customer.
No assumptions about the customer were made. This logic is scalable, from
the smallest to the largest site.
>
> I don't know for sure, but the language used in the above posting does
seem
> to imply an assumption of a significantly larger customer site.
>
Nope, if it's a really small site with very limited resources and doesn't
need a complex setup, then I would tend to focus on firewall "brick" type
setups that are pretty much set-it-and-forget-it deals. On the other hand,
depending on what the actual requirements are, a PC may make sense. Just
because something is labeled an "appliance" doesn't mean it's not just a PC
in a 1U or 2U form factor, repleat with fans, disks, etc. If a regular PC
can be built and will be more cost-effective, then it shouldn't be
eliminated out of hand. All I'm saying is that any anyone who starts a site
survey by beginning with "the solution shall not consist of <insert some
presumption about the final design here>" is doing the customer disservice.
Also, anyone who sells the customer a solution that doesn't include support
and at least enough training to have a basic understanding of whatever was
chosen is also doing them a large disservice. All technology goes badly,
sooner or later, and will require human intervention to get it going again.
-- Recursion: n. See Recursion.
- Next message: Rob Hughes: "Re: Lost connection to shared drive/computer after install Win XP"
- Previous message: Cliff: "Internet Connection Sharing & ZoneAlarm"
- In reply to: kenw_at_kmsi.net: "Re: Stateful protection for Exchange servers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
