Paul Johnson wrote:
I hate to say this, but the most threats are in fact internal. Employees running amok. You have to defense against that in a a business environment.On Saturday 24 May 2008 04:19:20 pm Todd A. Jacobs wrote:On Sat, May 24, 2008 at 11:47:05AM -0700, Paul Johnson wrote:I see no advantage to host-based firewalls that couldn't be better served by a router doing filtering at the edge of the network. There's no reason to expose machines directly to the internet.Internal threats? A compromised host? Lazy sysadmins? Ignorant users? How would your perimeter security help there?You can't solve social problems with technological means effectively. Odds are, if they're on your internal network and you consider them a security threat, you have deeper security problems than can't be solved short of door locks and ensuring nobody outside can get a connection.
-- Damon L. Chesser damon@damtek.com http://www.linkedin.com/in/dchesser