I couldn't agree with you more. Every single server, service,
device, anything at all on your network should be included
in your security strategy....

I think many of us have had "embedded" devices cause problems,
whether it was an MRI running an old outdated linux, an
ultrasound device running Win NT 3.5, or whatever --
they are on the network and must be considered: antivirus,
trojans, heck even old fashioned unintentional network DOS
via nic malfunctions like beaconing or maybe misconfigured

--Patrick Darden

-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com
[mailto:firewall-wizards-bounces@listserv.icsalabs.com]On Behalf Of
Timothy Shea

But the arguments over what is and what is not a security device is a
pet peeve of mind. Its waaay past time we stop thinking what is and
what is not a "security device" and think how we configure and manage
each piece in the environment with security in mind. The firewall,
the server, the router, the load balancer, the OS, the application
code, processes, and, heck, even the switch and the wiring. The
"firewall" is becoming less and less important (and useful) as a tool
in the grand scheme of things.
firewall-wizards mailing list