THE OFFICIAL BLOG OF THE SBS DIVA

“One nic [network card] is better than two nics“

“A hardware firewall is better than a software firewall“

I was reminded by these “mine is better than yours” by a post by Rory.  He starts out by relating the story of Nike and how he thought if he only had the “swoosh” on his side, he'd be better, stronger, he'd be just ... just more.  Well he found out that shoes do not make the man.  He uses it as an analogy over “language wars”.

The same can be said in SBS land.  I'm guilty in the newsgroups of posting in a “pompous manner' oh don't do it with a one nic, always do it with two nics, but you know what?  I'm second guessing that consultant who [if they've done what they are supposed to do], analyzed the client, looked at the issues they face and determined the best solution.  At the same time, for all those folks that recommend one nic, don't blame me for liking and recommending two network cards.  I like having the separation and feeling like I'm doing it like the big boys. I'll paraphrase Rory's question but in the case of SBSland where we can do things in many many ways.....

1) Can it do the job well?

2) Can it do the job in a way which pleases you?

If you can answer "yes" to these two questions, then you have the right bloody “technology“, and don't let anybody tell you otherwise.

As long as both methods work, keep the networks safe, and provide that company with what they need, does it matter how you do it?  It provides a solution.  So let's get past arguing what is the “best practice“ as what is “best“ for you might not be “best“ for me.  The “best“ solution is one where the consultant has set up “the“ firewall [whatever brand], in a manner that it is controlled, auditable, confirmed to only have those ports open what is it was intended to have open, configurable only by those who are authorized to configure it, and without known vulnerabilities. As long as whatever technology is in place protects and defends that network exactly when it needs it, who cares what is used?