[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec vs. firewalls
Perry E. Metzger wrote:
>
> Dan Stromberg writes:
> > > The problem is that for a corporate network of any substantial
> > > size, there will *never* be a way to make the interior
> > > crunchy.
> >
> > I have to disagree.
> >
> > Eventually, I believe it is reasonable to expect that vendors will
> > automate patch application, and that patches will be obtained from the
> > vendor over the network.
>
> I don't mean to sound nasty here, but in some of the financial
> environments I work in integration labs work year round carefully
> vetting applications before rollout, and nothing hits the production
> equipment without extensive testing. Are you going to tell me that
> people who have to be that paranoid lest you call up bitching about
> your broker not being able to get a trade done for you are going to
> let random vendors automatically change software on their networks?
>
> No way in hell.
Clearly it's not for everyone.
But I believe most businesses will leap at it.
It's already starting. If you want to stop it, you probably better
start a huge propaganda campaign -today-. I have no idea who you'd have
to convince tho. It's probably inevitable.
I imagine the best you can hope for, is the option to turn it off.
Follow-Ups:
References: