Firewall Wizards mailing list archives
Network Traffic Violations
From: Jim Wamsley 303-673-8163 <wamsljr () coltano stortek com>
Date: Thu, 3 Sep 1998 12:08:41 -0600 (MDT)
I think I have had it with some companies that are selling web based services that require you to use their home-brew package that fails to take into account the way most of us, or at least many of us, are controlling our Internet access. In recent weeks, I have had two departments come to me wanting holes installed in my outbound ACL to allow apps to call home. Both web based apps.

The first package included its own embedded web server that allowed to connect to the app locally. Why this thing couldn't be provided to live on top of an existing web server, I can't imagine. Anyway, this thing expected that it would have unfettered access to the Internet. The only plus I could see was that it did use SSL to call home, but it definitely violated our policy. And the damned thing doesn't even have any configuration options to force it through a proxy.

The second one popped up this week. The end user uses his browser to connect to the vendor's site, which then sends down this java script that runs on the client and again expects that it can connect directly to the Internet. It, too, at least used SSL, although to some really obscure ports.

My point is, where do these folks get off designing apps without taking into account that the firewall policies many of us have in place will not allow these things to work? I do not like some jerk deciding that his concepts should take precedence over my judgement. Maybe we should get some legislation enacted that would permit us to publicly flog anyone who brazenly violates another's space, forcing me to rebel against users who are either cluelessly reckless or recklessly clueless and demand that we do things we don't do so they can do their jobs. (Yes Marcus, I have the network traffic violations.) I am tired of being accused of not being a good corporate citizen because these fools haven't any idea what good safe network design is all about.

Don't dictate your policy to me. Live in my framework. Give me options that I can safely use!!!!!

______________________________________________________________
[ Jim Wamsley, Network Engineering ]
[ StorageTek 2270 S. 88th St, M.S. 4380, Louisville, CO 80028 ]
[ Audible: (303) 673-8163 Logical jim_wamsley () stortek com ]
[ Beware of Strong Drink! ]
[ It may cause you to shoot at tax collectors. ]
[ And Miss!! ]
[ Lazarus Long ]
[______________________________________________________________]