Firewalls + ?

Jose Muniz MuniX-1 at PACBELL.NET
Sat Mar 24 01:47:09 EST 2001


I disagree with you about this, Lee..

> Lee Merrill wrote:
>
> Stephen,
>
> Kind of a complicated question.  Mostly the answer is based on what is
> needed in the corporate Intranet/Extranet for protection.
>
> Security Policy/ Plan should always start it off.  Address who will
> access what, where, and why.  From there you can make a lot of
> decisions.  The quick list:
>
> Boundary firewall  (required)
> Intrusion Detection System (not required but should be if you have
> internal sensitive LANs)
> VPN for remote access (If you have telecommuters or sales people that
> need access to controlled corp. info)
> VPN for Branch office connection (If you have multiple sites that
> require communication of controlled data)
> Distributed Firewalls (personal firewalls,  Most attacks appear now to
> be from internal sources like the disgruntled worker)

How will a distributed firewall on the users' systems stop a disgruntled
employee?
There is not, and there will not be, anything in the near future that can
stop disgruntled employees.

> A really good IT dept. knowledgeable in security concerns and policy.
> (probably the most important thing of all)
>
> This is pretty much the big stuff.  You can also add internal boundary
> firewalls or VPN gateways for protection of distinctly sensitive data
> centers or legacy systems. etc, etc.
>
> And then there is how you implement the whole thing.  What can you
> afford and what comes first.  And what product in particular.  Many
> companies now have systems that can handle several of these pieces in
> one box, thus making your life easier.  Not to mention the management
> of the whole mess.

This is also not a good idea; if you want to have a single box that does
it all, then you have a glass crack pipe under your desk..
The traffic flows that you should be suspicious of are totally different
depending on the particular point of your infrastructure where you are
sniffing and analyzing for known signatures and strange traces.
The single-box quack is nothing but BS... that only a salesman can
believe.

I think that one of the most important things is to pay attention to
detail, and don't slack; keep on top of it and always think about breaking
into your own infrastructure, and fix it as you go.
Think about the wildest ways to break into your own net and you will
see the holes right away.
The castles are also a bunch of BS; they just want to sell you more gear,
if you think about it.

> Good Luck,
>
> Lee Merrill
> IPCA Lab
> Nortel Networks
> leemerri at nortelnetworks.com
>
> -----Original Message-----
> From: Stephen Chowning [mailto:schowning at HOME.COM]
> Sent: Wednesday, March 21, 2001 7:08 PM


> In reading about security in general, and VPN's in particular, I have
> come across articles that raised a
> question. The first article made the point that any corporate officer,
> when inquiring about their network
> security and getting the answer that it consisted of firewalls alone
> should fire the person responsible for
> network security. The second article likened network security to
> castles. No security/castle is completely
> impenetrable, but the best of both had/have multiple defenses to
> heighten the effort required to penetrate,
> hopefully beyond the attacker's desire or resources.
>
> So my question is, what would be the list of multiple defenses for
> networks? Firewalls, obviously, but what
> would the others be?
>
> Stephen Chowning
>
> VPN is sponsored by SecurityFocus.COM
