On Mon, 2004-01-05 at 18:10, Nicolas Mailhot wrote:
Le lun 05/01/2004 à 23:54, seth vidal a écrit :
> > And defense in depth is a bad thing?
>
> When the cost is high defense in depth is just duplication of effort.
> If you're hosts are nicely firewalled is there a real point to site-wide
> firewalling?
Because local firewalls are taken down sometimes. Which opens exploit
windows. Extreme redundancy is bad and wasteful. Minimal redundancy OTOH
is just another way to recognise s* happens, so you're better of
planning for it.
As I said in my initial claim - if you have control over the clients,
then that's not a problem, really.
You can't always have belts and suspenders.
-sv