Re: A Question about FireWall logging
comp.security.firewalls archive


From: Moe Trin <ibuprofin@painkiller.example.tld>
Date: Thu Mar 30 2006 - 03:44:03 CEST

On 29 Mar 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1143665963.464453.19250@e56g2000cwe.googlegroups.com>, carkaci@gmail.com
wrote:

>Dear Moe Trin, to make it clear,
>you think "In general, there is no need to enable full logging, most of
>the time accepted packet logging is enough". Am I right?

Yup - the less work spent blocking, the better off you are. "The bad guy"
isn't getting in - that particular battle is over. There is no Internet
Police, and nothing else you can (or need to) do.

Some people think it's great to have two or more firewalls blocking an
intrusion attempt "in case the first one fails". I fail to see any
reason to do so, as a proper firewall should not fail, and in the unlikely
event that it does, it should fail in the 'block' mode. If it doesn't
fail in that mode, it should never be installed in the first place.

        Old guy
Received on Mon May 1 01:03:26 2006