Stephen,

> Stephen Sprunk wrote:
> The biggest problem I've seen in Enterprise environments
> is that people running Internet-accessible servers (e.g.
> in the DMZ) often have no interest or motivation to follow
> security policy; security is secondary to functionality.

Sigh. Yes; to the point that they don't even apply service packs or patches unless they bring more functionality.

> If you don't trust the owner, you have no reason to trust
> the machine, and a trusted firewall is the only place left
> to enforce security policies.

This is especially true in colos; not only is it simpler for me to manage 2 firewalls instead of a farm of 300 servers, but the fact of the matter is that two thirds of these servers are colos that I don't have control over, and some of their owners are rather lame in terms of security.

Michel.