Firewall Wizards mailing list archives

Re: how prevelant

From: Brian Ford <brford () cisco com>
Date: Tue, 12 Oct 2004 11:20:20 -0400

Ron,

I'm only seeing really small business or academic environments even tryingto do this. Most are unsuccessful. More and more often ISPs likeCablevision and their Optimum Online service are blocking all domain (aswell as SMTP) traffic at the edge of their cloud. I've heard from peopleoutside that ISP that they are considering blocking this traffic withintheir cloud.

Regarding VPN access I see everything including tokens, various types ofSmartcards, Active Directory integration, our ACS (AAA server), and yeseven PKI being used somewhere. I think the issue of this space is thatthere are multiple ways to do it and the definition of ease of use variesfrom person to person.


Remember healthy paranoia can be your friend.

Liberty for All,

Brian

At 08:31 AM 10/12/2004 -0400, firewall-wizards-request () honor icsalabs comwrote:

Date: Fri, 8 Oct 2004 15:05:59 -0400 (EDT)
From: "R. DuFresne" <dufresne () sysinfo com>

To: "'firewall-wizards () honor icsalabs com'"<firewall-wizards () honor icsalabs com>

Organization: sysinfo.com
Subject: [fw-wiz] how prevelant


how common is it for a company to have it's NT domain and novell
athentication pass openly across the internet, and have this be the
requirement to access VPN tunnel rights from outside into the company?

The firewalls I manage keep all windows related protocols in the 135-139,
445 and 5000 ports arenas internal only, none f this traffic passes
outside the firewalls, none is allowedto pass outside, unltess tunneled.
Is this not a standard practise with any org with half a clue of security,
or am I being more tightfisted with access and control then is the norm?

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!



Brian Ford
Consulting Engineer, Enterprise Architecture Security Specialist
Technology Policy & Consulting Engineering
Cisco Systems Inc.
http://www.cisco.com/go/safe/

The opinions expressed in this message are those of the author and notnecessarily those of Cisco Systems, Inc..


This email address is transmitted from San Jose, California, U.S.A..


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

how prevelant R. DuFresne (Oct 11)
- Re: how prevelant Paul D. Robertson (Oct 11)
  - Re: how prevelant Kevin (Oct 12)
- Re: how prevelant Jason Lewis (Oct 11)
  - Re: how prevelant Kevin Sheldrake (Oct 12)
- Re: how prevelant ArkanoiD (Oct 12)
- <Possible follow-ups>
- Re: how prevelant Brian Ford (Oct 12)
- RE: how prevelant Melson, Paul (Oct 12)