Slashdot Mirror
Changes in the Network Security Model?
Kaliban asks: "As a Sysadmin, understanding network security is clearly an important part of my skillsets so I wanted to get thoughts on a few things that I've seen recently after some discussions with co-workers. Are network services becoming so complicated that application level firewalls (such as ISA Server) are absolutely necessary? Is the simple concept of opening and closing ports insufficient for networking services that require the client and server to open multiple simultaneous connections (both incoming and outgoing)?This leads me to my next question: has the paradigm of 'if you offer external services to the Internet then place those machines onto a perimeter network' been eroded? Are application level firewalls sophisticated enough to allow machines on your internal network to advertise services to the Internet? When is it alright to 'poke a hole in the firewall' to allow this? Personally, I think the answer is 'Never!' but perhaps I'm out of touch with current network security models."
You ought to be asking how you find yourself asking such rudimentary questions and yet consider yourself prepared to take on the role of system administrator.
While slammed for being paper tigers, Microsoft Certified engineers and Redhat Certified engineers have at least the proper background knowledge to confront the day to day operations of a corporate network. These simple questions that you pose are already taken care of, for the most part, and any sysadmin worth his salt has already set up scripts to handle any contingencies that may arise.
So the long and short of it is, go back to school and study up on the subject. If you already knew the answer, you wouldn't be asking the question.
don't trust anything related with linux and open source. bad stuff.
of course, if your employees are running Linux, they're not a virus vector. naturally. Linux is perfect, couldn't possibly be viruses for Linux could there...
oops.