On 7/26/05, Siju George <[EMAIL PROTECTED]> wrote:
> On 7/26/05, Bruno Delbono <[EMAIL PROTECTED]> wrote:
> > +++ Siju George [Tue Jul 26, 2005 at 10:18:56AM +0530]:
> >
> > > how much truth is actually in this article???
> >
> > It makes a lot of sense and is right on. What I take out of this article is
> > that having one single firewall (can be any type: network, application etc.)
> > at the perimeter doesn't stop hackers.
> >
> > I don't see what really alarmed you?
> >
>
> Thanks for the reply Bruno. Just the thing whether this is the current
> trend. eliminating firewalls and going for an alternative like he
> mentioned?

You completely missed the point. The point was that the "crunchy on the outside, chewy on the inside" security model is wrong. A single perimeter firewall tends to allow the inside network to be woefully unsecure and this is something to be avoided.

Or, put another way, the single greatest failing of a firewall is that it allows people to continue behaving unsafely.

Think about it: if every host you control is set up to survive contact with an evil host, then it doesn't matter much if someone out there tries to break in, or someone brings in a virus-laden laptop or whatever else.

So maybe the elimination of "the firewall" is a worthwhile pursuit so long as you keep an eye toward properly bolting down your empire.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?