Educause Security Discussion mailing list archives
Re: Inbound Default Deny Policy at Internet Border
From: Mark Poepping <poepping () CMU EDU>
Date: Tue, 17 May 2005 13:22:11 -0400
It seems to me reasonable that there will be a difference of opinion and effect of default allow versus default deny. Your particular approach should be guided by your institution's needs and specific circumstances. One size almost certainly doesn't fit all. How ever you do it, if you manage to enhance the perception of security while reasonably continuing to serve your customers' needs, then you've probably done well. On this thread, I would be interested to hear more about: 1) suggestions for improving either default approach, or 2) how to manage the inevitable exceptions In the interest of full-disclosure: In implementation I stand with the default-allow crowd (to the expected variety of support and dismay:-). Mark.
-----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John Kristoff Sent: Monday, May 16, 2005 11:07 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Inbound Default Deny Policy at Internet Border On Mon, 16 May 2005 10:04:17 -0400 Gary Flynn <flynngn () JMU EDU> wrote:It wouldn't restrict innovation because the connectity would be available for the asking. But that convenience vs security thing would definitely be an issue.In the short term it will, but you're right in the long term it may not, but not because people will ask for connectivity. As one may remember when users wanted freedom from the glass house, PCs appeared. When users wanted remote connectivity to those PCs, modems appeared on the desktops. Something will develop so that users get 'freedom to connect' back. Maybe not fully realized for a decade or two, but my bet is that it's coming and I just hope I am around to see and take advantage of that innovation. John ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Inbound Default Deny Policy at Internet Border, (continued)
- Re: Inbound Default Deny Policy at Internet Border Eric Pancer (May 16)
- Re: Inbound Default Deny Policy at Internet Border Cal Frye (May 16)
- Re: Inbound Default Deny Policy at Internet Border Michael Sinatra (May 16)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 16)
- Re: Inbound Default Deny Policy at Internet Border Valdis Kletnieks (May 16)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 16)
- Re: Inbound Default Deny Policy at Internet Border Joel Rosenblatt (May 16)
- Re: Inbound Default Deny Policy at Internet Border stanislav shalunov (May 16)
- Re: Inbound Default Deny Policy at Internet Border Mark Borrie (May 16)
- Re: Inbound Default Deny Policy at Internet Border Davis, Thomas R. (May 17)
- Re: Inbound Default Deny Policy at Internet Border Mark Poepping (May 17)
- Re: Inbound Default Deny Policy at Internet Border Jeff Wolfe (May 17)
- Re: Inbound Default Deny Policy at Internet Border Jeffrey I. Schiller (May 18)