[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vs. firewalls



Perry E. Metzger wrote:
> 
> Dan Stromberg writes:
> > > The problem is that for a corporate network of any substantial
> > >   size, there will *never* be a way to make the interior
> > >   crunchy.
> >
> > I have to disagree.
> >
> > Eventually, I believe it is reasonable to expect that vendors will
> > automate patch application, and that patches will be obtained from the
> > vendor over the network.
> 
> I don't mean to sound nasty here, but in some of the financial
> environments I work in integration labs work year round carefully
> vetting applications before rollout, and nothing hits the production
> equipment without extensive testing. Are you going to tell me that
> people who have to be that paranoid lest you call up bitching about
> your broker not being able to get a trade done for you are going to
> let random vendors automatically change software on their networks?
> 
> No way in hell.

Clearly it's not for everyone.

But I believe most businesses will leap at it.

It's already starting.  If you want to stop it, you probably better
start a huge propaganda campaign -today-.  I have no idea who you'd have
to convince tho.  It's probably inevitable.

I imagine the best you can hope for, is the option to turn it off.


Follow-Ups: References: