Re: Outbound SMTP

["Basgen, Brian" <bbasgen () PIMA EDU>]

Joe,

> saying that blocking port 25 is the only sustainable option? 

 Security decisions are predicated on the context of the institution.
There are still schools that have a proliferation of MTAs as a regular
matter of course, typically with various and sundry reasons. I don't
know if it is the norm nowadays, but it certainly is a rarity either. 

 In any event, as Roger Safian and others have stated in their
responses, a false dichotomy is being drawn up here. A firewall rule is
a pretty nuanced decision in complex networks. Moreover, just because
maintaining control over outbound e-mail gateways is normal practice for
many institutions, doesn't necessitate an implicit suggestion that
everyone else has to fit into that mold. 

> Well, just like the Cosby Show, "the miscreants want your users' 
> systems."

 I think this is a point where reasonable people can disagree.
Information security commonly contains a fair amount of subjectivity and
speculation. 
 
> I guess that's where I disagree. I think we *can* achieve pristine (or

> virtually pristine) networks.

 I think these disagreements are semantic. Host and perimeter security
have strengths and weaknesses, and of course, host security has had a
mercurial rise over recent years for good reason (partly neglect, partly
mobility, etc). 

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College