>There were people at Sun and personal friends >who understood that I had a multi-billion dollar brokerage and trading >operation to worry about; .. Certainly >nothing wouldhave happened to anyone at CERT were I penetrated Perry, While I certainly have shared similar frustration with CERT at times of crisis, I'm not sure I completely understand the level of angst that appears to be going on for you. I'm curious; have you informed your company management that they cannot realistically completely depend on your firewall ? As you well know, the state of Internet firewall technology (esp built with Unix) is far from perfect. Previously unknown security holes are discovered with disconcerting frequency. One of the things I tell my clients before they connect to the Internet is that THEY assume some risk by creating a connection to the Internet (or adding dial-up modems, or any other type of external connection for that matter ;). Given the reality of external connections (firewall, modems, or whatever); internal sites/machines with high security requirements MUST take responsibility and do whatever is necessary to secure themselves. I think anyone who installs or operates an Internet firewall without completely drilling these points home to their clients or managment is being remiss in their duty. Cheers, ________________________________________________________________________ John Larson Internet Consultant Email: jlarson@jnl.com Voice: 408-662-9755, Fax: 408-662-9756, Pager: 408-662-4174 US Mail: PO Box 1120 Aptos, CA 95003