Firewall Wizards mailing list archives

Network Traffic Violations


From: Jim Wamsley 303-673-8163 <wamsljr () coltano stortek com>
Date: Thu, 3 Sep 1998 12:08:41 -0600 (MDT)

I think I have had it with some companies that are selling web based services
that require you to use their home-brew package that fails to take into account
the way most of us, or at least many of us are controlling our Internet access.

In recent weeks, I have had two departments come to me wanting holes installed
in my outbound ACL to allow apps to call home.  Both web based apps.  The
first package included its own embedded web server that allowed you to connect to
the app locally.  Why this thing couldn't be provided to live on top of an 
existing web server, I can't imagine.  Anyway, this thing expected that it would
have unfettered access to the Internet.  The only plus I could see was that it
did use SSL to call home, but it definitely violated our policy.  And the
damned thing doesn't even have any configuration options to force it through
a proxy.  The second one popped up this week.  The end user uses his browser
to connect to the vendor's site, which then sends down this java script that
runs on the client and again expects that it can connect directly to the 
Internet.  It, too, at least used SSL, although to some really obscure ports.

My point is, where do these folks get off designing apps without taking into
account that the firewall policies many of us have in place will not allow
these things to work?  I do not like some jerk deciding that his concepts
should take precedence over my judgement. Maybe we should get some legislation
enacted that would permit us to publicly flog anyone who brazenly violates
another's space forcing me to rebel against users who are either cluelessly
reckless or recklessly clueless and demand that we do things we don't do so
they can do their jobs. ( Yes Marcus, I have the network traffic violations.)
I am tired of being accused of not being a good corporate citizen because
these fools haven't any idea what good safe network design is all about.  Don't
dictate your policy to me.  Live in my framework.  Give me options that I
can safely use!!!!!

 ______________________________________________________________
[ Jim Wamsley, Network Engineering                             ]
[ StorageTek 2270 S. 88th St, M.S. 4380, Louisville, CO 80028  ] 
[ Audible:  (303) 673-8163    Logical jim_wamsley () stortek com  ]
[                   Beware of Strong Drink!                    ]
[      It may cause you to shoot at tax collectors.            ]
[                         And Miss!!                           ] 
[                                                Lazarus Long  ]
[______________________________________________________________]



