
Re: Debian secure by default?



Damon L. Chesser wrote:
> Paul Johnson wrote:
>> On Saturday 24 May 2008 04:19:20 pm Todd A. Jacobs wrote:
>>  
>>> On Sat, May 24, 2008 at 11:47:05AM -0700, Paul Johnson wrote:
>>>    
>>>> I see no advantage to host-based firewalls that couldn't be better
>>>> served by a router doing filtering at the edge of the network.
>>>> There's no reason to expose machines directly to the internet.
>>>>       
>>> Internal threats? A compromised host? Lazy sysadmins? Ignorant users?
>>> How would your perimeter security help there?
>>>     
>>
>> You can't solve social problems with technological means
>> effectively.  Odds are, if they're on your internal network and you
>> consider them a security threat, you have deeper security problems
>> that can't be solved short of door locks and ensuring nobody outside
>> can get a connection.
>>
>>   
> I hate to say this, but most threats are in fact internal.
> Employees running amok.  You have to defend against that in a
> business environment.
>
This is the age-old problem of relying on people that are unreliable.
One of the basic solutions to this is explained in agent theory, which
simply states that the goal is to align your business' goals with those
of your employees.  Easier said than done, unfortunately.

/M

-- 
Magnus Therning                             (OpenPGP: 0xAB4DFBA4)
magnus@therning.org             Jabber: magnus.therning@gmail.com
http://therning.org/magnus

What if I don't want to obey the laws? Do they throw me in jail with
the other bad monads?
     -- Daveman

