On Tue, Jan 5, 2010 at 9:20 PM, Rich Kulawiec <rsk@gsp.org> wrote:
A firewall is another layer in a defense-in-depth strategy, but tends to only be truly effective if the first rule in it is
deny all from any to any
Not surprisingly, good network security starts with and incorporates the protected users as its most important element. Start with "deny all" and not only won't they work with you, the more creative among them will teach the others how to work around you. I've seen it over and over again and the faulty design always starts with a deny-all mentality.

Can you imagine a deny-all mentality in physical security? I'm sorry sir, you can't leave your house until you justify your need to walk down the street.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004