[EMAIL PROTECTED] wrote:
>
> Jeff says/asks,
>
> > A commonly-held conception in the commercial world (in my experience) is that
> > most threats to "corporate security" come from the Internet-at-large, and
> > therefore being behind a firewall is a Good Thing and generally Sufficient.
>
> I believe this is a very wrong notion. However I want to point out that even if
> one is concerned only/mainly about external threats, a firewall is still only a
> very limited solution. In fact, I believe firewalls are no match for a
> determined attacker, for the following simple problem with the firewall approach
> (rather than with a specific one): firewalls cannot prevent a program running on
> the internal network from bypassing it. Now, getting one program to run in one
> computer within an organization is fairly easy - any good trojan horse or virus
> can do this. So, a determined attacker can by pass any firewall - and
> organizations should use additional tools to defend. (and this time I'll stop
> here :-)
How does this trojan horse or virus get onto the targetted computer? I
don't know what you run behind your firewalls, but I certainly don't run
anything that could get trojaned or virused.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
