Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!sun-barr!lll-winken!iggy.GW.Vitalink.COM!nocsun.NOC.Vitalink.COM!riscit.NOC.Vitalink.COM!ejm
From: ejm@riscit.NOC.Vitalink.COM (Erik J. Murrey)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: well-behaved firewalls
Message-ID: <1991Jun27.003015.5238@nocsun.NOC.Vitalink.COM>
Date: 27 Jun 91 00:30:15 GMT
References: <1991Jun25.003609.22406@pa.dec.com>
Sender: usenet@nocsun.NOC.Vitalink.COM
Organization: Vitalink Communications, Fremont, California
Lines: 30
Nntp-Posting-Host: riscit.noc.vitalink.com

In article , tr@samadams.princeton.edu (Tom Reingold) writes:
|> Forgive me if I am mentioning something that has been discussed here
|> before...
|>
|> Is this sort of approach a "good idea"? It has become common, with
|> different methods of implementation. Would it not make more sense to
|> take the burden of security away from networks and put it on hosts? To
|> me, it seems that firewalls like these are analogous to roadblocks on
|> highways that are placed there because a criminal MIGHT be using the
|> road to commit a crime. I prefer to be presumed innocent and I like
|> having a road that is free for both me and the criminals. I prefer
|> banks putting up heavy locks to prevent robberies over roadblocks on
|> roads.
|>

I wish the world were perfect enough to do this.

Why configure all 10,000+ hosts with stiffer security options when you
have a small handful of gateways connecting them to the outside world?
You also better hope that all 10,000+ hosts are running new enough
software to prevent the network attacks that a firewall can stop.

And please tell me what happens when an Engineer connects his
brand-spanking-new workstation to the network with no passwords on his
accounts. Do you have a security patrol that checks?

---
Erik J. Murrey
Vitalink Communications NOC
ejm@NOC.Vitalink.COM
...!uunet!NOC.Vitalink.COM!ejm