Friday, September 10, 2004

Firewall enforcement

Although I think it's a good idea that as many people as possible use
firewalls for their computers and their home networks (these are two
separate issues, BTW), I don't think anyone should be able to mandate
it outside of a corporate network.

is very scary and reminiscent of a recent presentation
that I attended where the speaker suggested mandatory PKI IDs for each
and every Internet user. There are some serious enforcement and privacy
issues involved.

Don't forget, one size does not fit all. The machine
that I'm sitting at, as an example, passes through two firewalls and a
web proxy (for HTTP) or a virus/spam scanner (for SMTP, in both
directions) to connect to the Internet. However, it's nobody's business
whether or not I do this. Forcing me to use a specific firewall is
likely to involve an OS change and a degradation in security on my
part. Mine is considered non-standard and is customized (tuned) to
protect my configuration. To paraphrase the more paranoid militia
types: you'll get my firewall when you pry it from my cold, dead hands.
(Hmmm... Bumper-sticker material?)

