security announcement<\/a> was the part where they promised “additional firewalls”. A firewall just blocks types of traffic, or traffic from certain locations. See, you can’t “stack” firewalls. Or at least, doing so shouldn’t make things any more safe. Using two firewalls for the same entry point would be like mashing two metal detectors together and making people walk through both at once. It doesn’t let you find twice as much metal, or find metal twice as fast. It doesn’t make one super-sensitive metal detector. <\/p>\nYou should have exactly one firewall on every machine, and that firewall should only allow traffic that the machine is specifically designed to handle. The webserver should only allow web traffic, and block everything else. The database should only allow database traffic, and block everything else. The mail server shouldn’t accept web traffic and the FTP server should only speak to a narrow band of trusted IP addresses, ideally machines inside of Sony offices. <\/p>\n
So what is the deal with adding “more firewalls”? Were there machines with NO firewalls on them? Or are they stacking firewalls? Or was this the layman’s way of saying, “We closed a bunch of ports that we shouldn’t have left open in the first place”? <\/p>\n","protected":false},"excerpt":{"rendered":"
I have crafted for you a comic about Sony and their PSN hi-jinks. One thing I found strange about the security announcement was the part where they promised “additional firewalls”. A firewall just blocks types of traffic, or traffic from certain locations. See, you can’t “stack” firewalls. Or at least, doing so shouldn’t make things […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[102],"tags":[],"class_list":["post-11740","post","type-post","status-publish","format-standard","hentry","category-weekly-column"],"_links":{"self":[{"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=\/wp\/v2\/posts\/11740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11740"}],"version-history":[{"count":0,"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=\/wp\/v2\/posts\/11740\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shamusyoung.com\/twentysidedtale\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/td><\/tr><\/table><\/p>\n