On Tue, May 21, 2002 at 06:09:08PM +0200, Marcus Brinkmann wrote: > On Tue, May 21, 2002 at 11:56:48AM -0400, Nathan Hawkins wrote: > > He's out of date WRT current practice. And some networks have more than > > one gateway, in which case it can be desirable to administer on the > > hosts with the relevent services. > Wouldn't it be more secure to use two (or at least one) dedicated > firewalls on each way out of the LAN? Wouldn't it be more secure to audit every line of code in the kernel and the entire distro on a daily basis? Probably, but we can't afford it. Not everyone can afford dedicated firewall boxes either. Even if they can, defense-in-depth would indicate that they should use a dedicated firewalling on the server as well as a dedicated firewall box and access control at the application level and whatever else they can arrange. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``BAM! Science triumphs again!'' -- http://www.angryflower.com/vegeta.gif
Attachment:
pgpEnvzEcBCw_.pgp
Description: PGP signature