[SunRescue] Re: Help!

[Robert Rose]

 >If the customer actually says "Damn the torpedos! Full speed ahead!"
 >then don't call it a firewall and don't install any security whatsoever
 >and give them a quote to come back and "do it right" at some later time.
 >(and give them a warranty disclaimer that explicitly voids anything to
 >do with attackers or even blundering fools)
Where I work, we don't call this a firewall, we call it a 
firebridge.  Amusing as it may sound, it's actually an accurate description 
and helps the clients realise that although it's using firewall software, 
it's not actually providing any protection to them.  It does help to sort 
out what is going on at the client's network boundary and provides a good 
starting point once we show the logs to the clients.  Typically the time 
taken between reviewing the logs and making changes to actually restrict 
traffic is very short indeed!

 >Either that or walk away if you think the threats are serious enough to
 >pose a real risk. No trustworthy engineer will knowingly build a bridge
 >that will fail no matter how much money the customer has and how quikly
 >they need to cross the gorge.
Well, I wouldn't say the firebridges I've seen would fail, it's just that 
they were never sufficiently secure in the first place, but the clients 
understood that.  Once the clients wanted changes made and we're happy with 
the ruleset, then we can both call it a firewall.

cheers,

Rob.