Educause Security Discussion mailing list archives
Re: Outbound SMTP
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Fri, 25 Apr 2008 17:14:13 -0400
Any notion that a person needing access should just have it violates the idea that if they know they need it they must have at least a basic knowledge of what "it" is. I don't think I want a researcher (or whomever) that doesn't understand that they need port 25 open to have the ability to create an accessible application and run it on our network - sounds like they would need to do more research first :-)

How to determine if the network user has the competence to have such power...if they know they have to protect/secure their servers port 25 activity, means they know that port 25 is a risk, means they know that they need port 25, which means they understand network communication protocols...so why not just know they have to ask/state "I need port X open for my research"? (I sure hope our students are being prepared for the "real world" because believe it or not, most companies have these types of controls - in my experience)

We have a default deny inbound and misc ports blocked outbound (including 25). We also have a "firewall rule request form". We have very little research activities on this campus and work very closely with departments doing any type of IT program/research/project/etc.

My .02

Greg

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Van Norman
Sent: Friday, April 25, 2008 1:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Outbound SMTP
This brings me to one of my concerns. Why do we have to engineer our entire networks in one fashion? How about a research network, where port 25 was open, and an administrative network where it's not? If every time I say let's do X, you respond with but so and so needs X, we make no progress. How about we do X, where practical, and still allow so and so the use of an open network? If network security is going to make significant strides we need to quit catering to the least common denominator.
I agree wholeheartedly that we shouldn't cater to the least common denominator. However, today the leanings seem to be break the network first, and then open things up when there is a justification. This puts the burden on legitimate users of the network to justify their use and get permission because a few users/devices cause trouble. Just my opinion, but people tend to innovate less when you put up barriers to innovation. Making somebody get permission before trying something new is a barrier (no matter how low you try to make it).

/Mike