Re: mitigating the lack of a firewall

From: Marcus J. Ranum (mjrat_private)
Date: Tue Feb 15 2000 - 08:43:45 PST

Next message: Marcus J. Ranum: "RE: Automated IDS response"

Previous message: Marcus J. Ranum: "Re: open all TCP/UDP in Gauntlet (fwd)"
Maybe in reply to: Bruce H. Nearon: "mitigating the lack of a firewall"
Next in thread: Starkey, Kyle: "RE: mitigating the lack of a firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ryan Russell wrote:
>What do you mean "site"?
>
>If you're talking about a bunch of machines, certainly not.  Not without
>making the NT machine something that constitutes a firewall.

This is an important point I think is worth emphasizing. If every
machine on your DMZ _is_ as strong as a firewall, you don't need
a firewall. Firewalls only make sense when you have mixtures of
machines that have weak security with networks that have bad guys
on them. ;)

mjr.

Next message: Marcus J. Ranum: "RE: Automated IDS response"
Previous message: Marcus J. Ranum: "Re: open all TCP/UDP in Gauntlet (fwd)"
Maybe in reply to: Bruce H. Nearon: "mitigating the lack of a firewall"
Next in thread: Starkey, Kyle: "RE: mitigating the lack of a firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:39 PDT