On Tue, May 21, 2002 at 06:09:08PM +0200, Marcus Brinkmann wrote:
> On Tue, May 21, 2002 at 11:56:48AM -0400, Nathan Hawkins wrote:
> > He's out of date WRT current practice. And some networks have more than
> > one gateway, in which case it can be desirable to administer on the
> > hosts with the relevent services.
> Wouldn't it be more secure to use two (or at least one) dedicated
> firewalls on each way out of the LAN?
Wouldn't it be more secure to audit every line of code in the kernel
and the entire distro on a daily basis? Probably, but we can't afford
it. Not everyone can afford dedicated firewall boxes either. Even if they
can, defense-in-depth would indicate that they should use a dedicated
firewalling on the server as well as a dedicated firewall box and access
control at the application level and whatever else they can arrange.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``BAM! Science triumphs again!''
-- http://www.angryflower.com/vegeta.gif
Attachment:
pgpEnvzEcBCw_.pgp
Description: PGP signature