Network Segmentation Approaches
- Subject: Network Segmentation Approaches
- From: rsk at gsp.org (Rich Kulawiec)
- Date: Wed, 6 May 2015 19:05:59 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
On Wed, May 06, 2015 at 03:30:01PM -0700, Scott Weeks wrote:
> --- rsk at gsp.org wrote:
> From: Rich Kulawiec <rsk at gsp.org>
>
> The first rule in every firewall is of course
> "deny all" and subsequent rulesets permit only
> the traffic that is necessary.
> ------------------------------------
>
> I think you got this backward? That way all
> traffic is blocked, so none is allowed through.
Nope, I said exactly what I intended (and what I do, in practice).
Doing so forces one to understand in detail what traffic actually
needs to pass in/out and to craft specific rules for it. This in
turn helps avoid making mistake #1:
The Six Dumbest Ideas in Computer Security
http://www.ranum.com/security/computer_security/editorials/dumb/
---rsk
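The point Rich and Scott are disagreeing over is really about rule evaluation order, and it is worth seeing it in runnable form. The following is an added example, not code from either poster or from NANOG: a small model of a packet filter that evaluates the same default-deny policy under the two common semantics. With last-match semantics (OpenBSD pf, where the last matching rule wins and an unmatched packet passes), putting "block all" first is exactly what makes the policy default-deny, and later "pass" rules carve out exceptions. With first-match semantics (iptables/nftables, where the first matching rule wins), the same intent is expressed as a chain policy of DROP plus ACCEPT rules; a literal "deny all" as the first rule of a first-match chain blocks everything, which is Scott's reading. The rule and flow representation, the addresses (from the RFC 5737 documentation prefixes) and the sample policy are assumptions constructed for this illustration.

```python
"""Default-deny packet filtering under first-match and last-match semantics.

Added illustration, not code from the thread.  Rule/flow formats and the
sample policy are assumptions made for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str     # source address
    dst: str     # destination address
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: frozenset = frozenset()  # empty set means any destination port

    def matches(self, f: Flow) -> bool:
        return ((self.proto in ("any", f.proto))
                and ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and (not self.dports or f.dport in self.dports))


def first_match(rules, flow, policy="deny"):
    """iptables/nftables style: the first matching rule decides; the chain
    policy (here DROP, i.e. "deny") applies only when nothing matches."""
    for r in rules:
        if r.matches(flow):
            return r.action
    return policy


def last_match(rules, flow):
    """pf style: every rule is evaluated and the LAST match wins.  With no
    matching rule pf passes the packet, so default-deny is obtained by
    putting 'block all' first and letting later 'pass' rules override it."""
    decision = "permit"
    for r in rules:
        if r.matches(flow):
            decision = r.action
    return decision


# Constructed sample policy: a single web server, SSH only from a management net.
WEB_SERVER = "192.0.2.10/32"
MGMT_NET = "198.51.100.0/24"

PERMITS = [
    Rule("permit", "tcp", dst=WEB_SERVER, dports=frozenset({80, 443})),
    Rule("permit", "tcp", src=MGMT_NET, dst=WEB_SERVER, dports=frozenset({22})),
]
DENY_ALL = Rule("deny")

PF_RULES = [DENY_ALL] + PERMITS   # "block all" first, then the explicit passes
NFT_RULES = PERMITS               # ACCEPT rules; policy drop supplies the deny


def evaluate(flow: Flow) -> dict:
    """Decision for one flow under each semantics.  'nft_deny_first' shows
    what a literal 'deny all' as the first rule does in a first-match chain."""
    return {
        "pf": last_match(PF_RULES, flow),
        "nft": first_match(NFT_RULES, flow, policy="deny"),
        "nft_deny_first": first_match([DENY_ALL] + PERMITS, flow, policy="deny"),
    }


def unmatched_passes_without_block_all(flow: Flow) -> bool:
    """True when a pf ruleset that omits the leading 'block all' lets an
    otherwise unmatched flow through: the failure mode default-deny avoids."""
    return last_match(PERMITS, flow) == "permit"


if __name__ == "__main__":
    samples = [
        Flow("tcp", "203.0.113.5", "192.0.2.10", 443),   # public HTTPS
        Flow("tcp", "203.0.113.5", "192.0.2.10", 22),    # SSH from the Internet
        Flow("tcp", "198.51.100.7", "192.0.2.10", 22),   # SSH from management
        Flow("udp", "203.0.113.5", "192.0.2.10", 53),    # nothing permits this
    ]
    for f in samples:
        print(f, evaluate(f))
```

Under both pf and nftables the explicit-permit ruleset yields identical decisions, so the "deny all first" wording and the "policy drop" wording describe the same policy; only the first-match-with-deny-first variant collapses to blocking everything. The `unmatched_passes_without_block_all` check is the practical reason for the rule: drop the leading block and any traffic nobody thought to write a rule for is silently passed.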