Re: Aren't firewalls enough?

From: Nick (nick_carter_at_fastmail.fm)
Date: 10/01/03

• Next message: Adam: "Just how secure am I?"
• Previous message: Edward Westin: "Block Backdoor/SubSeven Trojan horse."
• In reply to: CRM: "Aren't firewalls enough?"
• Next in thread: Darian Lanx: "Re: Aren't firewalls enough?"
• Reply: Darian Lanx: "Re: Aren't firewalls enough?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 1 Oct 2003 10:10:31 -0700

Yes, Firewalls are NOT the "Be all and end all" of security.
Information security is a holistic philosophy and Firewalls are just
one of the devices used to enforce security.

Suggest you have a look at a well recognised industry standard such as
the BS 7799. It gives you a very good macro perspective of the various
components of information security. To name a few -

1) Security organisation
2) Logical access controls
3) Physical access controls
4) Operations management
5) Business Continuity
6) Compliance
7) Security Policies
8) Personnel security etc.

Trying to address information security by just looking at firewalls
etc is trying to adopt a piece meal approach. You would be missing the
Bigger picture and may not be able to figure out where your actual
threats lie.

Hope this helps.

Best regards.
Nick

flowervalley007@yahoo.com (CRM) wrote in message news:<6792acd0.0309302212.2248943d@posting.google.com>...
> Hi all,
>
> I accidently got a discussion from one of the discussions of
> www.techieindex.com, Firewalls are necessary tools, but they are not
> the core of information security. You need to concentrate on a
> holistic security architecture. Security shouldn't be added to an
> enterprise; it must be woven into the fabric of the application.
> Aren't firewalls enough?

---

• Next message: Adam: "Just how secure am I?"
• Previous message: Edward Westin: "Block Backdoor/SubSeven Trojan horse."
• In reply to: CRM: "Aren't firewalls enough?"
• Next in thread: Darian Lanx: "Re: Aren't firewalls enough?"
• Reply: Darian Lanx: "Re: Aren't firewalls enough?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Defense in Depth ... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ... (Security-Basics) RE: Wireless Security for Home Users ... for most home users to create and/or manage 2 firewalls and a DMZ. ... As with most network security, ... investigate additional security features available from the WAP ... (Security-Basics) RE: [Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! ... > 1) I don't trust MS products for security related tasks. ... firewalls running on NT? ... necessary steps to mitigate the risk and protect yourself. ... We still had six boxes hit. ... (Full-Disclosure) RE: IDS is dead, etc ... Most firewall logs are just as tough to decipher as IDSs. ... Automated security analytics is a tough animal I don't care what the system. ... firewalls and IDSs, not just IDSs. ... There is no solution to these problems, therefore IDS is dead and we ... (Focus-IDS) RE: [Full-Disclosure] Re: Microsoft Security, baby steps ? ... You can have firewalls guarding the outside, ... the network? ... We also need software vendors to ... stop giving lip service to security and start actually implementing it. ... (Full-Disclosure)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2003-10