Firewall cost vs benefit

Zaph0d · 10-02-2005 1:31pm #1

Last place I worked building IT systems was firewalled up to the hilt. The company had grown as a result of mergers over the years, and as the departments has merged the firewalls hadn't kept pace. Often you would find a department with certain staff firewalled off form others for historic reasons. Other tikmes a building would be firewalled, even though the people inside had no reason to be considered as a coherent functional group.

Anyhow, any work I did there involved a huge amount of time to identify all the firewalls between the individual components and then obtain permissions from various trolls and goblins to tunnel through on various ports in one or both directions. Sorting out the firewalls was often the lengthiest task in a project.

How the security teams decided which access requests to allow or disallow I don't know. Whether they ever attempted to audit their swiss cheese firewall structure I also don't know.

All the while I had admin control over enough of the company's most valuable data and all backups to sink it in a few keystrokes yet I had to fill in forms to get port 21 opened for certain IP numbers between building X and building Y.

I came to view security as a waste of time.

I thought of this because I got a new PC last week and couldn't ping it from any other machines on my home LAN. turned out that ICMP was blocked by default by two pre-installed programs: Norton and XP SP2 firewall. Waste of time again. However I expect that if the simplest tasks involving computers are kept complex in this way that my future employment is secure. So maybe all this security is good for my job security!