Wireless ethernet?

[ddm at mclinux.com (Derek D. Martin)]

Derek Atkins said:

> IPsec and SSH do as good a job at keeping nosy people out of your
> network.  The way I would do it for a corporate LAN (and I know of
> some companies that do it this way) is to have two networks, a wired
> network and a wireless network.  Keep the wireless network "outside
> the firewall" (note: I disbelieve in firewalls, c.f. my BLU talk
> about 5 years ago ;)

I'm very curious about the nature of your disbelief in firewalls, and
I'm unfamiliar with your talk.  

It seems to me that perimeter security -- limiting the traffic which
can enter your network from unknown and untrusted parties on the
outside to only that which is absolutely essential for your business
or personal needs -- is an essential part of securing any site.
Firewalls are a proven tool to accomplish this goal.  I'm unable to
imagine a reason why someone would not want to have one, given today's
network landscape and the (lack of) ethics rampant amongst a certain
subset of the people who hang out there.

But I don't want to make it sound like a firewall will make your site
impenetrable either; I will take this opportunity to reiterate one of
my favorite security mantras: a firewall is not a security panacaea.
There is much more to securing your site than installing a firewall,
and if you rely solely on a firewall for protection, you're probably
going to get yourself compromised some time soon.

-- 
Derek Martin
Senior System Administrator
Mission Critical Linux
martin at MissionCriticalLinux.com

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).