nanog mailing list archives
Re: Block all servers?
From: "Adam Selene" <nospam () vguild com>
Date: Fri, 10 Oct 2003 20:07:05 -0600
IMHO, all consumer network access should be behind NAT. However, the real solutions is (and unfortunately to the detriment of many 3rd party software companies) for operating system companies such as Microsoft to realize a system level firewall is no longer something to be "added on" or configured later. Systems need to be shipped completely locked down (incoming *and* outgoing IP ports), and there should be an API for applications to request permission to access a particular port or listen on a particular port (invoking a user dialog). As for plug-in "workgroup" networking (the main reason why everything is open by default), when you create a Workgroup, it should require a key for that workgroup and enable shared-key IPSEC. Currently Windows 2000 can be configured to be extremely secure without any additional software. Unfortunately you must have a *lot* of clue to configure the Machine and IP security policies it provides. Adam
Current thread:
- Block all servers? Michael . Dillon (Oct 10)
- RE: Block all servers? Christopher Bird (Oct 10)
- Message not available
- RE: Block all servers? Eric Kuhnke (Oct 10)
- RE: Block all servers? Christopher Bird (Oct 10)
- Re: Block all servers? Adam Selene (Oct 10)
- Re: Block all servers? ken emery (Oct 10)
- Re: Block all servers? Adam Selene (Oct 11)
- Re: Block all servers? ken emery (Oct 11)
- Re: Block all servers? Stefan Mink (Oct 14)
- Re: Block all servers? Crist Clark (Oct 14)
- Re: Block all servers? Stefan Mink (Oct 14)
- Re: Block all servers? Kee Hinckley (Oct 14)
- Re: Block all servers? Crist Clark (Oct 14)
- Re: Block all servers? Steven M. Bellovin (Oct 14)
- RE: Block all servers? Eric Kuhnke (Oct 10)
- Re: Block all servers? Alex Yuriev (Oct 11)