Educause Security Discussion mailing list archives
Re: Inbound Default Deny Policy at Internet Border
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Sun, 15 May 2005 22:01:14 -0700
Gary Flynn wrote:
We're looking at implementing a default deny inbound policy at our Internet border this summer. Anyone have any concerns or experiences they would like to share?
I don't really believe that a default-deny policy has a place at the _border_ of a research university. It may make sense at certain administrative department boundaries (which gives you a smaller vulnerability perimeter anyway) where there might be sensitive data. But where the mission is research and innovation, I just can't accept that we're doing anyone (even ourselves) a favor by blocking ports at the border. Between the number of exceptions that inevitably gets requested and the general permeability of the physical boundaries of a college campus, in the end the risk reduction of such a policy becomes substantially weakened. I don't think such weak risk reduction trumps the innovation-restricting and general inconvenience (equalling lost productivity and increased costs) that such a policy imposes. But I recognize the diversity of institutions on this list, and encourage you to think about how such a policy supports or clashes with your institution's mission. michael ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Inbound Default Deny Policy at Internet Border Gary Flynn (May 13)
- <Possible follow-ups>
- Re: Inbound Default Deny Policy at Internet Border Daniel Adinolfi (May 13)
- Re: Inbound Default Deny Policy at Internet Border Scholz, Greg (May 13)
- Re: Inbound Default Deny Policy at Internet Border Daniel Adinolfi (May 13)
- Re: Inbound Default Deny Policy at Internet Border Valdis Kletnieks (May 13)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 13)
- Re: Inbound Default Deny Policy at Internet Border Daniel Medina (May 13)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 15)
- Re: Inbound Default Deny Policy at Internet Border Jeffrey I. Schiller (May 15)
- Re: Inbound Default Deny Policy at Internet Border Michael Sinatra (May 15)
- Re: Inbound Default Deny Policy at Internet Border Brawner, David (May 16)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 16)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 16)
- Re: Inbound Default Deny Policy at Internet Border Gary Flynn (May 16)
- Re: Inbound Default Deny Policy at Internet Border Graham Toal (May 16)
- Re: Inbound Default Deny Policy at Internet Border John Kristoff (May 16)
- Re: Inbound Default Deny Policy at Internet Border Eric Pancer (May 16)
- Re: Inbound Default Deny Policy at Internet Border Cal Frye (May 16)
- Re: Inbound Default Deny Policy at Internet Border Michael Sinatra (May 16)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 16)
(Thread continues...)