RE: GXD vs. SPF
Frederick M Avolio (fred avolio.com)
Wed, 30 Sep 1998 10:14:18 -0400
At 09:56 AM 9/30/98 -0400, Paul D. Robertson wrote:
>The worst thing I see about this model is that it doesn't reliably give
>you an index to how much protection you're getting from the firewall.
Of course not. However a larger and larger percentage of firewall customers
are caring less and less about such things. Just yesterday on this, the
other list, or the newsgroup (life's a blur) someone was trying to decide
on Brand A or Brand B firewall. Security was not mentioned, not because
the company doesn't care, but I think because it is assumed: well, these
are the #1 and #2 companies so they must be good. And hey, Brand A supports
over 300 services through their firewall!

You've correctly distilled things back down to the two paradigms:

That which is not expressly (expressly mind you) permitted is prohibited.

That which is not expressly prohibited is permitted.

This tension will continue to go on for years. It is an identical struggle
to one in Christendom regarding worship and the regulative principle. Does
God tell us what to do in worshiping him and how much can we deviate from
it, or does he just tell us what not to do and anything else is fine.

In the market the "what is not prohibited is permitted" crowd wins because
it seems that is what most people in practice want. It is not secure. It is
not safe. (Just recall what happened to Aaron's sons Nadab and Abihu as
chronicled in Leviticus 10.)

Fred
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:55 CDT