Re: Level3 routing issues?

[Simon Lockhart <simonl () rd bbc co uk>]

On Mon Jan 27, 2003 at 04:00:51PM -0500, alex () yuriev com wrote:
> It is very easy. 
>
> Deny everything.
> Allow outbound port 80
> Allow mail server to 25
> Allow ident
> If you need netmeeting, allow netmeeting server to other servers.
> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other mahine.
>
> I am failing to see a problem.

That's fine for a non-MS view of the world (admittedly, a view I prefer),
but then you've got to allow TCP 138/139 to all the MS servers in your
organisation (why couldn't they seperate auth from file sharing from...). 
And then whatever protocols Outlook uses to talk to your
Exchange servers (and if I understand it correctly, that might be more than
one to get to Public Folders, etc). And then SAP. And then Business App A. 
And the Business App B. And...  And...

Me? I'd give them ports 443, 80, 53, 25 and 22, and be done with it. 
If you can't do it with those ports, it's probably not implemented right ;-)

Simon
-- 
Simon Lockhart             |   Tel: +44 (0)1628 407720  (BBC ext 37720)
Technology Manager         |   Fax: +44 (0)1628 407701  (BBC ext 37701)
BBC Internet Services      | Email: Simon.Lockhart () bbc co uk 
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK