On Thu, 20 May 2010, Simon Hobson wrote: > Shawn Bakhtiar wrote: > > >I still say having firewalls from higher security zones to lower > >ones, does not make sense. Security is only valid when it is > >INBOUND. Outbound security is no security at all, just a pain for > >your users. > > I used to think like that, but now I'd respectfully disagree. > > It's not an answer in it's own right, but used intelligently it > provides another layer of protection. OK, if your server gets > compromised then it doesn't protect the server, but it does restrict > the damage it can do.
I'd go even farther. Although this is true more for security in general (such as protecting military secrets) than it is for email scanning, there is a place for outbound enforcement. If you have secrets to protect, you don't want them to be sent out -- either mistakenly or deliberately. Alan Stern _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
