nanog mailing list archives
RE: Microsoft to ship new versions with firewall enabled
From: JC Dill <nanog () vo cnchost com>
Date: Thu, 14 Aug 2003 11:44:56 -0700
At 10:00 AM 8/14/2003, Daniel Senie wrote:
At 12:39 PM 8/14/2003, Matthew Watkins wrote:Apple have the right idea... I'd say all the vendors need to take a carefully balanced approach to security in the default configurations of their software. Leave services exposed to the network disabled by default, where possible. By all means, configure firewalls by default to block all non-established incoming connections to low port numbers, but for heaven's sake don't also block access to those ports from the local subnet as well.Define "local subnet."Go sit in a Starbucks and use Wifi. Is the person at the next table, or sitting on the bench outside with their laptop considered on the "local subnet?" Do you trust that person?
Hold on a second, and let me ask him. :-)
This is just an example of how a policy like the one you suggest can be dangerous.
He said "What's a subnet?" heh jc
Current thread:
- Re: Microsoft to ship new versions with firewall enabled, (continued)
- Re: Microsoft to ship new versions with firewall enabled Greg Maxwell (Aug 14)
- Re: Microsoft to ship new versions with firewall enabled Scott McGrath (Aug 14)
- Re: Microsoft to ship new versions with firewall enabled Richard Cox (Aug 14)
- Re: Microsoft to ship new versions with firewall enabled Crist Clark (Aug 14)
- Re: Microsoft to ship new versions with firewall enabled Omachonu Ogali (Aug 14)
- Re: Microsoft to ship new versions with firewall enabled Omachonu Ogali (Aug 14)
- Big power outage in Ontario ? Mike Tancsa (Aug 14)
- Re: Big power outage from NYC Robert Cannon (Aug 14)
- Re: Microsoft to ship new versions with firewall enabled Greg Maxwell (Aug 14)
- RE: Microsoft to ship new versions with firewall enabled Daniel Senie (Aug 14)
- RE: Microsoft to ship new versions with firewall enabled JC Dill (Aug 14)
- East Coast outage? Aaron D. Britt (Aug 14)
- Re: East Coast outage? up (Aug 14)
- Re: East Coast outage? Ray Bellis (Aug 14)
- Re: East Coast outage? Dominic J. Eidson (Aug 14)