home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!mstar!mstar!bob
- From: bob@MorningStar.Com (Bob Sutterfield)
- Subject: Re: Firewall usage
- In-Reply-To: ji@cs.columbia.edu's message of 28 Jul 92 15: 36:35 GMT
- Message-ID: <BOB.92Jul29093603@volitans.MorningStar.Com>
- Sender: news@MorningStar.Com
- Nntp-Posting-Host: volitans.morningstar.com
- Organization: Morning Star Technologies
- References: <Bs3vCz.K13@cs.columbia.edu>
- Date: Wed, 29 Jul 1992 13:36:10 GMT
- Lines: 15
-
- In article <Bs3vCz.K13@cs.columbia.edu> ji@cs.columbia.edu (John Ioannidis) writes:
- - A firewall only protects you against *known* external threats.
-
- Our firewall is set up conversely: it permits only traffic that's
- strongly suspected (notice I didn't say "known") not to be a threat.
- It's configured to give our internal users maximal access to the rest
- of the world, to give the rest of the world the sort of access to our
- net and hosts that we want them to have, and to ease our burden in
- managing systems from dozens of vendors.
-
- I'm not a lazy or unconscientious system/network administrator, I'm a
- wily one. This strategy reduces the size of my problem domain, makes
- my network manageable with limited staff resources, and lets me go
- home at night to my wife and kids when I otherwise spent evenings in
- the office, chasing crackers.
-