FC3 Security

James Wilkinson james at westexe.demon.co.uk
Thu Mar 10 13:40:35 UTC 2005


Scot L. Harris wrote:
> Sounds like a recipe for disaster.  IMHO any network admin that does not
> segregate their network into LANs used for specific purposes and apply
> firewalls between those LANs as well as out to the Internet is simply
> contributing to the overall problem.

It somewhat depends on the size and "shape" of the network. It should be
obvious that the threat from inside a network is related to the size of
that network (add another hundred workstations and people on them, and
you've added a lot more internal threat), the sort of people on them
(are you likely to have anyone who is deliberately malicious?), and how
much you can lock down the workstations.

Small networks don't get attacked from inside nearly as much as big
networks do.

And I'm not sure that "segregation into specific purposes" is always
practical, either.

For example, the small (less than one hundred user) networks of which I
know have shared disks, printing, access to e-mail and the Web, and
access to the appropriate accounting / stock control systems (which is
needed practically everywhere). And practically no departments of more
than ten people, and lots of inter-departmental working. And servers are
per-task or per-several tasks, not per-department or per-building.

Security is never absolute. There is always more you could do. But there
does have to come a time when you say "we've got enough security in
depth to those problems".

James.

-- 
E-mail address: james | Today Has Been Two Of Those Days.
@westexe.demon.co.uk  |     -- Mike Andrews



