RE: Fw: [ISN] Firewalls a dangerous distraction says expert

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 9 Jul 2005 00:55:56 -0400

Reading that article made me wonder a bit...  Doesn't he have a firewall
"of sorts" on each one of those host computers he is referring to?  It
leads me to believe that his interpretation of a "firewall" is limited
to a stereotypical hardware firewall.  One where you have no control
over what traffic goes where, you simply "open a port".  

Introduce him to the concept of ISA, where you can tell what
ports/protocols/etc. are allowed to go to which servers from which end
stations...  He "might" change his tune.  

At least we know he's not a hard-core Cisco fanatic.


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Friday, July 08, 2005 11:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Fw: [ISN] Firewalls a dangerous distraction says
expert

http://www.ISAserver.org

Hi Jim,
Absolutely. The firewall is part of a comprehensive defense in depth
architecture. But what this guy is saying you don't need a door, a lock,
a fence, a dog or a scarecrow to protect your home. Just keep a gun
under your pillow and hope you get him before he gets you :)

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: Friday, July 08, 2005 10:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Fw: [ISN] Firewalls a dangerous distraction says
expert

http://www.ISAserver.org

I hate to say so, but there is some truth to his statements.
How many times have we heard the cry of "why can't ISA protect me from
an internal virus attack?"

Granted, we've brought this on ourselves by:
1. responding to every user who says "do it for me" with one weirdzard
or another
2. marketing products as if they're the be-all, end-all of your security
technique

The fact is (and I know most of you will agree) that what he should have
said is "ok - use a firewall if you want, but don't stop there!"

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
Sent: Friday, July 08, 2005 07:44
To: [ISAserver.org Discussion List]
Subject: [isalist] Fw: [ISN] Firewalls a dangerous distraction says
expert

http://www.ISAserver.org

Great.  Just what we needed-- a "security researcher" at the SDSC
telling us 
that firewalls are a "dangerous distraction."

Ra, Ra, Ra.

t

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2005