Let me put out a note from the side of a systems administrator. I am not a security "guru/consultant/practitioner/auditor" but a mere systems administrator. I got into the firewall/security fray by having my manager (at a previous corp) say: "We are having a firewall installed by a consultant for our new internet connection and we want you to help him out." I had no idea we were getting an internet connection, forget that the consultant came in and recommended a firewall solution without talking to me about the type of systems and applications we had. Well, the installer knew sh** about what he was doing and I had to learn all about the FW-1 1.0.

I would say that this is how a goodly number of people are being introduced to firewalls and security, with some not even having the consultant. It can be easily proven with some of the postings to the firewalls@greatcircle mailing list. There is always a monthly "Hi, I have been asked to set up a security policy and need help" message.

I believe that it will be a long time before this type of situation will become a rare case. There is the rush to take advantage of the business opportunities that the internet presents, and still an "It will not happen to us" attitude. The advent of an out-of-the-box secure firewall will only heighten this feeling, and further enlarge the blinders that are in place. The human animal, crackers included, is an amazingly adaptive being and will find a way to get around barriers.

I believe that if a large company is "hacked" and it causes their downfall this will push the business side of corporations to sit up and take notice. Until that time more and more administrators will become overnight security "gurus".

Tim

PS. For a chuckle: I originally set up the firewall to reject all packets until I had the DMZ and internal routers set up. While I was away at SANS my ex-manager decided they needed to grant access to the ftp server. Did he add a rule? Nope, he just moved the server to the other side of the firewall, with the server being an out-of-the-box Solaris machine (i.e., all services running and default passwords in place). It took me a while to convince him this was a bad thing and I needed to reinstall the server from scratch. :^)

-----------------------------------------------------------------------------------------
The opinions expressed in this message do not necessarily reflect those of my employer.

"If you don't know what you're aiming for, the chances of getting there are nil."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:03 PDT