Firewalls, Security, and Risk Management

Previous page
Table of content
Next page


We believe it's important to discuss the topics of security and risk management, as they relate to firewalls, before we can jump into the process of troubleshooting. After all, your firewall problem might be something fundamental, as opposed to just a misconfiguration that's affecting your security in a very negative way. We strongly believe that you cannot manage a firewall without first thoroughly understanding risk management and computer security.

To begin, it's important to define what security is. Security is defined in some places as "freedom from risk." Some people would perceive this to mean "absence of risk," but we prefer to see it as freedom from its negative effects. The risk might still exist, but you are free to act (or not act) in spite of that risk. In some cases, you can even eliminate specific risks; in others you cannot but must still act with that risk looming, if you will, over your head. The bottom line is that you properly manage the risks around you so that you can reach a state of being "secure enough." That's what security really is. You can't make all the risks go awaythat's impossiblebut it doesn't stop people from trying to do it or simply telling themselves those risks don't exist. This is where the problem begins for too many organizations, but given that you are reading this book, you're already on your way to doing better. Learning to accept that risk is a part of life. You have to learn to manage the risks in your life to be "secure enough."

With that said, we are principally concerned with what is referred to as effective securitythat is, the effort undertaken to manage risk in a calculated, economically feasible and tolerable manner to achieve some goal or set of goals. In a more practical sense, it's useful to think of security as those actions you take to protect yourself from risks that are preventing you from taking certain other actions. To be more succinct, security is everything you do to make it possible to do the things you do.

For example, if you wanted to go for a ride in a car but were concerned with safety, you might wear your seatbelt. You might also want to know how to drive that car and that the weather conditions outside were good enough to make your trip as safe as you wanted it to be. Or you might be a risk taker and be perfectly happy jumping out of an airplane with nothing but altitude and a parachute between you and certain death. In both cases, you might feel totally "secure." For each person, the decisions you arrive at that tell you have achieved that state of "security" are different. They are each dependent on how much risk you are willing to accept and how much you can afford at that particular moment given the information at your disposal.

The bottom line with security is this: Security is not a set of products, technologies, patches, or anything else technical, written, or dictated. It's a process. Security doesn't exist in natureonly the process of becoming "secure enough." Security is about managing your risks and taking actions that allow you to move ahead without getting eaten. When designing your firewall, keep this in mind. You can't stop everything, but you can keep the risks within your range of acceptance.


    Previous page
    Table of content
    Next page
    Troubleshooting Linux Firewalls
    Troubleshooting Linux Firewalls
    ISBN: 321227239
    EAN: N/A
    Year: 2004
    Pages: 169
    BUY ON AMAZON
    Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
    Certified Ethical Hacker Exam Prep
    A Practitioners Guide to Software Test Design
    Java How to Program (6th Edition) (How to Program (Deitel))
    After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
    Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy