On 2023-05-01 20:02, Lew Wolfgang wrote:
On 5/1/23 10:28, Per Jessen wrote:
It's good security practice, we've been doing it for decades.
I'm sorry, what is "good security practice"? Not trusting your trusted network?
Networks that host Windows boxes can never be trusted! There are just too many malware vectors targeting Windows.
Indeed, that we could do that was once justification to not use Windows!
It protects well-behaved Linux boxes from those rude and insecure Windows cesspools on the same subnet.
In other words, you don't have a trusted network, hence the need for firewalls. Makes perfect sense.
I guess you have a Maginot Line kind of a network, Per. A crunchy crust with a soft center? Defense in depth is a well recognized method for protecting your assets. See here for a description:
He just doesn't have any Windows machines, so he doesn't realize the need for protection inside. Most successful attacks come from inside. Your network can be fully protected and well cared for, then one day one employee is subverted, or suffers an accident, and as there is no protection inside (aka no firewalls inside), the damage rampages free across the company.
https://www.fortinet.com/resources/cyberglossary/defense-in-depth
We've been doing it since 1986 when I set up our first IP network with Sun Microsystems boxes. Alas, I did have my failures though. We were smitten by the Morris Worm in 1988. Our connection to the outside was via a 19.2-KBaud SLIP connection at that time. You might recall that the vector for the Worm was the "finger" protocol. Then, I was compromised by a flaw in ssh vers 1.2 around 2001. There was a hole in the host-based firewall for port 22. We increased the depth of our defense after that one.
Regards, Lew
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)