nanog mailing list archives
RE: Microsoft to ship new versions with firewall enabled
From: "Matthew Watkins" <matt () idnet net uk>
Date: Thu, 14 Aug 2003 17:39:10 +0100
Apple have the right idea... I'd say all the vendors need to take a carefully balanced approach to security in the default configurations of their software. Leave services exposed to the network disabled by default, where possible.

By all means, configure firewalls by default to block all non-established incoming connections to low port numbers, but for heaven's sake don't also block access to those ports from the local subnet as well. How would your users cope if all their shared printers and file servers suddenly became inaccessible because NetBIOS was universally blocked by new operating system "security features"? I'd hazard a guess that after they've called their ISP support team a couple of hundred times, they'll just switch the firewall off...

Your firewall rules should automatically open ports when services are explicitly enabled, and should be able to cope with laptops roaming between home and office where the local subnet addresses may change. If the firewall doesn't detect this, then you're going to cause a whole new world of support problems.

- Matt
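The default policy this message describes, sketched as an added example (not part of the original post and not any vendor's firewall code). The function name, the reason strings, the 1023 cut-off for "low port numbers" and all addresses are assumptions; the point shown is that the local subnet is derived from the interface's current address on every decision, so a roaming laptop does not keep trusting its previous network.

```python
import ipaddress
from dataclasses import dataclass

LOW_PORT_MAX = 1023  # assumption: "low port numbers" read as the well-known range

@dataclass(frozen=True)
class Inbound:
    src: str                   # source address of the incoming packet
    dst_port: int              # local port it is addressed to
    established: bool = False  # True if it belongs to an existing connection

def allow_inbound(pkt, iface_cidr, enabled_services):
    """Return (allowed, reason) for one inbound packet.

    iface_cidr is the address currently bound to the interface, for example
    "192.168.1.20/24". It is passed in on every call rather than cached, so
    the local-subnet exception follows the laptop between networks.
    enabled_services is the set of ports whose services the user switched on.
    """
    if pkt.established:
        return True, "established"
    if pkt.dst_port in enabled_services:
        return True, "service-enabled"   # port opened because its service was enabled
    local_net = ipaddress.ip_interface(iface_cidr).network
    if ipaddress.ip_address(pkt.src) in local_net:
        return True, "local-subnet"      # printers and file servers keep working
    if pkt.dst_port <= LOW_PORT_MAX:
        return False, "low-port-blocked"
    # The message only asks for low ports to be blocked by default.
    return True, "not-low-port"

if __name__ == "__main__":
    # Constructed sample traffic, not taken from the original post.
    home, office = "192.168.1.20/24", "10.20.0.77/16"
    netbios_from_home_lan = Inbound("192.168.1.50", 139)
    for label, iface in (("home", home), ("office", office)):
        print(label, allow_inbound(netbios_from_home_lan, iface, set()))
    print("internet", allow_inbound(Inbound("203.0.113.7", 139), home, set()))
    print("web on", allow_inbound(Inbound("203.0.113.7", 80), home, {80}))
```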