FC3 Security

Aleksandar Milivojevic amilivojevic at pbl.ca
Wed Mar 9 15:27:50 UTC 2005


Rick Bilonick wrote:

> Here are some additional details. The local IT for the data center has 
> no central firewall. Each computer is on its own and has to run a 
> firewall. (The data center could use a firewall but it would have to be 
> maintained by the university - and the data center doesn't want to have 
> to deal with the university running a firewall for them.) Also, all the 
> printers are available to anyone who knows their IP address - they don't 
> sit behind any firewall. (This is SOOOO different from my previous 
> position in the corporate world where all the computers and printers 
> were behind a firewall.)

This sounds so much like a university setting.  Everything wide open.  And 
so many rules that are set up for the sole purpose of having excuses if/when 
something goes wrong.  Relying on only end-machine firewalls that any 
user can turn off with a click of a mouse the first time something doesn't 
work.  That's ridiculous.  A single departmental firewall would make 
their network so much more secure than all the rules you described so 
far.  But then, running a firewall requires some knowledge.  Making rules 
that are meant only to cover your ass doesn't require any real technical 
knowledge ;-)

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7



