Firewall Wizards mailing list archives

Re: Firewalls that generate new packets..


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 28 Nov 2007 17:34:00 -0500 (EST)

On Wed, 28 Nov 2007, Paul Melson wrote:

With today's proliferation of Trojans and Spyware, anyone with a Windows
user population above three who has an allow-all default outbound policy
is an idiot and populations of one to three are likely candidates for the
club if not associate members.

Sure, but as you and I both know, it's still a very common, if not the
predominant firewall policy in the business world.  And aside from
Cisco/Linux nerds like us that roll our own at home, every home setup with a
firewall is configured like this.

Unprotected inter-personal physical interaction is popular in African 
countries with high AIDS rates too- that doesn't make it a good thing.

While I make a good bit of income from disinfecting systems, it's not how 
I'd like to spend my time (though I'm happy to do it!)  Anyway, it's not 
really a "firewall policy" in any sense other than implementation- it's a 
default configuration that shouldn't exist- but vendors would rather make 
connectivity easy than make security or risk a known issue.

In any case, we need to (in a big way) repeat the "You're being stupid" 
message when it's appropriate.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

