Wireless ethernet?
Derek D. Martin
ddm at mclinux.com
Mon Aug 13 16:00:40 EDT 2001
Derek Atkins said:
> IPsec and SSH do as good a job at keeping nosy people out of your
> network. The way I would do it for a corporate LAN (and I know of
> some companies that do it this way) is to have two networks, a wired
> network and a wireless network. Keep the wireless network "outside
> the firewall" (note: I disbelieve in firewalls, c.f. my BLU talk
> about 5 years ago ;)
I'm very curious about the nature of your disbelief in firewalls, and
I'm unfamiliar with your talk.
It seems to me that perimeter security -- limiting the traffic which
can enter your network from unknown and untrusted parties on the
outside to only that which is absolutely essential for your business
or personal needs -- is an essential part of securing any site.
Firewalls are a proven tool to accomplish this goal. I'm unable to
imagine a reason why someone would not want to have one, given today's
network landscape and the (lack of) ethics rampant amongst a certain
subset of the people who hang out there.
But I don't want to make it sound like a firewall will make your site
impenetrable either; I will take this opportunity to reiterate one of
my favorite security mantras: a firewall is not a security panacaea.
There is much more to securing your site than installing a firewall,
and if you rely solely on a firewall for protection, you're probably
going to get yourself compromised some time soon.
--
Derek Martin
Senior System Administrator
Mission Critical Linux
martin at MissionCriticalLinux.com
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list