[SunRescue] Re: Help!
Robert Rose
rescue at sunhelp.org
Fri Apr 20 05:37:04 CDT 2001
>If the customer actually says "Damn the torpedos! Full speed ahead!"
>then don't call it a firewall and don't install any security whatsoever
>and give them a quote to come back and "do it right" at some later time.
>(and give them a warranty disclaimer that explicitly voids anything to
>do with attackers or even blundering fools)
Where I work, we don't call this a firewall, we call it a
firebridge. Amusing as it may sound, it's actually an accurate description
and helps the clients realise that although it's using firewall software,
it's not actually providing any protection to them. It does help to sort
out what is going on at the client's network boundary and provides a good
starting point once we show the logs to the clients. Typically the time
taken between reviewing the logs and making changes to actually restrict
traffic is very short indeed!
>Either that or walk away if you think the threats are serious enough to
>pose a real risk. No trustworthy engineer will knowingly build a bridge
>that will fail no matter how much money the customer has and how quikly
>they need to cross the gorge.
Well, I wouldn't say the firebridges I've seen would fail, it's just that
they were never sufficiently secure in the first place, but the clients
understood that. Once the clients wanted changes made and we're happy with
the ruleset, then we can both call it a firewall.
cheers,
Rob.
More information about the rescue
mailing list