begin Jeff Bailey quotation:
> On Tue, May 21, 2002 at 05:17:16PM +0200, SpyderMan wrote:
>
> > Great, another compelling reason to ditch firewalling support.
>
> Not at all, but someone who thinks that firewalling provides any
> reasonable measure of security hasn't been paying attention -
> corporate firewalls are breached on a regular basis. If your network
> isn't inherently secure, slapping a firewall on the end isn't going to
> make it secure.

No network is inherently secure unless it's cut off from the outside world. (And in the most literal sense, few networks are ever _completely_ cut off -- they're usually accessible by sneakernet, if nothing else.)

> Firewalling serves the purpose only of covering holes that shouldn't
> be there in the first place.

It sounds like you're living in a fantasy world in which all vulnerabilities are known and can be protected against. Which is clearly not what the real world is like.

Holes exist for any number of reasons -- machines that aren't under the network admins' control, bugs that have not yet been publicized and patched (but which may be known to the black hats), etc., etc.

If you can add extra barriers to prevent or limit the effect of exploits when other preventative measures fail, then your network is a little more secure than it would be without those barriers. Which is what firewalls are all about.

Of course, the firewall may fail too; but that's one reason among many why a firewall, by itself, isn't a guarantee of complete security.

Craig