NFR Wizards Archive: Re: Facts, not Fiction

Re: Facts, not Fiction


Chris Brenton (cbrentonsover.net)
Thu, 13 Nov 1997 11:12:01 -0500


Andreas Siegert wrote:

> >-----Forwarded message from Hartmut.FehlingHamburg-Mannheimer.de-----
> >How far DO YOU (all of you out there) trust the current products to do what
> >they are supposed to do?

> Unless the customer is on an extreme low budget, I always use a multistage
> design. Anything else would be irresponsible in my opinion.
>
> afx

I guess I have a bit of a problem with blanket statements like this one. It
insinuates that there is a "one size fits all" solution to protecting a network
which is clearly not the case. A risk analysis should be performed in order to
determine what level of security is actually required. Let me throw out a few
examples:

Case 1: A pure Mac shop with an ISDN connection to the Internet. There are no
internal IP services. Users connect through the ISDN connection in order to access
POP mail from an ISP and browse the web.

Case 2: A national bank running the latest UNISYS system with integrated NT
server. System access is via IP. The bank has a T1 connection to the Internet and
wishes to allow customers to administrate their bank accounts via the Internet.

While these two cases are a bit extreme, it's clear that they do not require the
same level of security. A multistage design for case 1 would probably be overkill.
Again, this is all IMO. Insisting that a multistage design is always required so
long as the customer can afford it rings too much like a sales person who knows
what they want to sell you before they even know what you need.

Cheers,

Chris

******************
cbrentonsover.net
http://www.amazon.com/exec/obidos/ISBN=0782120822/9715-9242453-752818

Nothing is fool-proof to a sufficiently talented fool.



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:09:48 CDT