Paul Robertson said:
> Firewalls are certainly capable of blocking a lot of this stuff- and I
> don't believe that the problem is just home users- am I wrong, or do we
> have too many places with too lax a security policy anymore?
While the IRC traffic you mention may or may not be increasing[1], the
underlying problem you identify is not new. Firewall administration has
become so simple that many refuse to think about it. It's just the bad evil
people on the outside that holds administrator's attention.. Little
contingency is made for what happens when[2] someone gets in.
I was rather alarmed at one point a few years ago when a rival organization
scanned my network with SNMP traffic. I notified their whois point of
contact, and forwarded it up my management chain to be handled at that
layer. Eventually it got blamed on a buggy HP printer drivers[3], which is
innocent enough. But the it was frightening that a security software company
wouldn't filter outbound traffic.
[1] I can neither confirm nor deny, I don't have metrics.
[2] Specifically "when", not "if".
[3] They scanned the entire class A network they were installed on. That's
because HP has/had an entire class A themselves.
--
Dodge
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- application/pgp-signature attachment: stored
Received on Feb 02 2004
Intro
