Mailinglist Archive: opensuse-factory (1324 mails)

< Previous Next >
[opensuse-factory] Re: leap42 - minimum server pattern has become too minimum
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Fri, 23 Oct 2015 22:45:51 +0000 (UTC)
  • Message-id: <n0edau$ilc$1@ger.gmane.org>
On Sat, 24 Oct 2015 00:32:49 +0200, Dominique Leuenberger / DimStar wrote:

Really? Sorry - no: I have NEVER worked in an enterprise where the
firewall was not centralized BEFORE the server farm... maintaining
firewall rules in every single instance is certain to give you headaches
which you do not need.

Actually, it's becoming more and more common not to depend on a perimeter
defense. Just look at the big data breeches that have happened over the
past couple of years - in most of those instances, the exploit took place
inside the firewall.

Many companies - and not small ones, Google is one that is moving in this
direction - are doing away with perimeter security and instead
restricting access based on device and user authentication (generally
coupled with multi-factor authentication). Architecting systems in this
way makes it more difficult to use a backdoor in one system to get into
another system, because the network is treated as untrusted.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread