Posted by Chuck on September 5, 2007, 2:41 pm
Ansgar -59cobalt- Wiechers wrote:
>> Ansgar -59cobalt- Wiechers wrote:
>>>> Double firewalling is standard industry practice.
>>> To achieve what? Aside from increased sales for personal firewall
>>> vendors, that is.
>>>
>>>> Do you disagree?
>>> Well, I for one most certainly do.
>>>
>>>> If so I hope you are not working as a network administrator.
>>> M-hm. You have some arguments to go with that opinion of yours?
>> Arguments? Sure. Any PC on your LAN that does not have a software
>> firewall is vulnerable if any other machine gets infected with a WORM
>> or gets hacked.
>
> So tell me: how did that other machine get hacked or infected with a
> worm in the first place? And how does the software firewall protect the
> ports you need to be open in your LAN? (because most certainly any other
> port would be closed and thus not exploitable, wouldn't it?)
>
>> It's that simple.
>
> Frankly, no, it ain't.
>
>> Remember that DNS corrupting worm from about 2 years ago?
>
> No. What "DNS corrupting worm" are you talking about?
>
>> An awful lot of network admins learned the hard way about double
>> firewalling that day, didn't they?
>
> M-hm. In my network the systems are kept up to date, they don't have
> services running they're not supposed to, and the network is properly
> segmented with firewalls on the boundaries. So tell me again: what
> exactly do I need double firewalling for? Other than increasing the
> vendors' revenue, my network's complexity, and my own workload?
>
>> You can choose to disagree that double firewalling is not standard
>> industry practice but that does not change the fact that it is. A
>> simple google of "is double firewalling a standard industry practice"
>> returns over a million hits.
>
> A million flies ...
>
> cu
> 59cobalt
You've obviously not been in IT very long.