Reading that article made me wonder a bit... Doesn't he have a firewall "of sorts" on each one of those host computers he is referring to? It leads me to believe that his interpretation of a "firewall" is limited to a stereotypical hardware firewall. One where you have no control over what traffic goes where, you simply "open a port". Introduce him to the concept of ISA, where you can tell what ports/protocols/etc. are allowed to go to which servers from which end stations... He "might" change his tune. At least we know he's not a hard-core Cisco fanatic. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Friday, July 08, 2005 11:14 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Fw: [ISN] Firewalls a dangerous distraction says expert http://www.ISAserver.org Hi Jim, Absolutely. The firewall is part of a comprehensive defense in depth architecture. But what this guy is saying you don't need a door, a lock, a fence, a dog or a scarecrow to protect your home. Just keep a gun under your pillow and hope you get him before he gets you :) -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, July 08, 2005 10:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Fw: [ISN] Firewalls a dangerous distraction says expert http://www.ISAserver.org I hate to say so, but there is some truth to his statements. How many times have we heard the cry of "why can't ISA protect me from an internal virus attack?" Granted, we've brought this on ourselves by: 1. responding to every user who says "do it for me" with one weirdzard or another 2. marketing products as if they're the be-all, end-all of your security technique The fact is (and I know most of you will agree) that what he should have said is "ok - use a firewall if you want, but don't stop there!" ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Friday, July 08, 2005 07:44 To: [ISAserver.org Discussion List] Subject: [isalist] Fw: [ISN] Firewalls a dangerous distraction says expert http://www.ISAserver.org Great. Just what we needed-- a "security researcher" at the SDSC telling us that firewalls are a "dangerous distraction." Ra, Ra, Ra. t