firewall == network diaper, ranting in HTML
From: neal rauhauser 402-301-9555 <neal () lists rauhauser net>
Date: Thu, 14 Aug 2003 11:15:52 -0500
I've got to wonder about someone who posts a rant to nanog to begin
with and I'll give you kudos for having the balls to format it in HTML
as well. Below I included the text of the message sans large aqua font &
other HTML 'enhancements'.
I think you rather missed my point - machines with incontinent TCP/IP
stacks or incontinent applications should not be plugged in to the
internet for server duty. It is just that simple. Unix has its
occasional dribbles, Microsoft needs to be restrained and catheterized.
Cisco could make one giant leap for mankind by simply renaming the PIX
Firewall to the PIX Network Diaper. It's a more truthful description of
what those things do and it might just get the people who sign checks
asking why applications straight out of preschool are being placed in
the field with a MCWN+N (Microsoft Certified Wet Nurse + Nanny) to watch
over them, when perfectly functional adult alternatives exist.
I'd really like to get down and roll in the muck with you guys, but
I'm busy replacing M$ systems with FreeBSD 4.8 ...
----- Original Message -----
From: neal rauhauser 402-301-9555
To: Måns Nilsson ; nanog () merit edu
Sent: Wednesday, August 13, 2003 11:48 PM
Subject: Re: Port blocking last resort in fight against virus
Måns Nilsson wrote:
Firewalls are a patch to broken network application architecture. If
your applications would have been properly designed, you would not have
the need for firewalls. They are for perimeter defence only anyway.
Right on - if you can't plug a machine directly in to the internet
and rely on its own defenses & well written code to keep it safe, why
are you plugging it in at all?
Oh come ON! Let's be a little real about this. How many millions of
"don't have a clue, don't want a clue" people do you know who want to
get online and see porn or nice pictures in other countries on "THE"
Internet as the clueless call internet?
How many businesses do you suppose there are that connect through a
"disk from an internet service provider" and have the ISP set up a web
site FOR them from where they get emails through a mailto link?
There are literally MILLIONS of machines that want to be on internet
without a clue about protecting at all. If they all knew how to protect,
YOU would be working in something else!
Lord help me what an attitude! When I was 17 and got my first car, I
learned some about keeping it on the road but I found it didn't
interest me too much and
times and cars have changed since then. So, I get a mechanic to keep my
car on the road and pay him. Don't tell me that anything you want to do
even outside of computers at all you CAN do? Surely you rely on a
mechanic to keep your car on the road. Maybe that mechanic is saying "If
you can't keep your car on the road why are you driving at all?"
Honestly the attitude of some people in I.T. gives me the shits. I know
a LOT of businesses that USE computers but don't make money out of
selling or servicing them. Get real - we are the "mechanics" of the
computer world and it is up to US to let our customers know the truth.
Don't forget, there are a lot of people about who are OLDER than 40 and
use computers. Those people can REMEMBER being frustrated with computers
even though some of them know as much as YOU do now. 20 something year
olds are too young to remember that frustration and they end up with
YOUR attitude as a result!
There will come a day when the attitude of I.T. security people needs to
be friendly to earn money. Learn to be friendly now ahead of time!