Firewall Wizards mailing list archives

RE: Annoying pop-ups

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 1 Nov 2002 16:29:28 -0500 (EST)

Gregory,


      I tend to agree with you (as I noted), but that doesn't address my 
question at all.  Are you guys saying that the messenger service is 
dangerous/not useful on the LAN?  I think I can make a better argument for 
some core network functionality being turned on by default than you guys 
can for turning everything off.  Imagine if everything were turned off by 
default, things would definitely be safer--but how bad would that world 
suck for the technically dysfunctional you guys are talking about 
defending?  They'd be safer, but their computers would be paperweights to them.

<rant>
The messenger service is *not* evil.  Letting unfiltered Internet traffic 
hit your machine *is* stupid.  And if you spill hot coffee on yourself, 
it's *your* fault you got burned, you clumsy dumb-ass.
</rant>


I think one has to ask this question about the service in question and the
problems faced by yhe original poster:

1>  is the service abusable remotely

2>  is the service abusable internally

3>  does the vendor provide a security mechnism to prevent the abuse of
the service and is that well documented

4>  is the service required for systems to be functional on the corp or
home network

I think you answer that in your rant above about unfiltered traffic
hitting the inside machine<s>.

Additionally, considering most home networks consist of a single system,
shared by the family of in the kid's bedrooms, how functional is the
messaging service?  But, considering the home/small office networks
consisting of more then one system;  does the vendor in question actually
document how the service can be abused and provide information about how
to deal with and prevent such abuses?  Not providing such a mechanism and
documentation might well be itself a primary lack of resonsibility as
pertains to their stance on security.


Thanks,


Ron DuFresne

<what you don't know, *can* hurt you>
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

RE: Annoying pop-ups Scott, Richard (Oct 31)
- RE: Annoying pop-ups R. DuFresne (Nov 01)
- Message not available
  - RE: Annoying pop-ups Gregory Austin (Nov 01)
    - RE: Annoying pop-ups R. DuFresne (Nov 01)
    - Message not available
    - RE: Annoying pop-ups Gregory Austin (Nov 01)
    - RE: Annoying pop-ups R. DuFresne (Nov 01)
    - RE: Annoying pop-ups Paul Robertson (Nov 01)
    - RE: Annoying pop-ups Christopher Hicks (Nov 01)
    - RE: Annoying pop-ups Paul D. Robertson (Nov 01)
    - RE: Annoying pop-ups Bill Royds (Nov 02)
    - Re: Annoying pop-ups Gary Flynn (Nov 01)
- <Possible follow-ups>
- RE: Annoying pop-ups Scott, Richard (Nov 01)
- RE: Annoying pop-ups Scott, Richard (Nov 01)