Firewall Wizards mailing list archives
Re: Benefit of firewall over NAT-only 'protected' network
From: ark () eltex net
Date: Wed, 28 May 2003 13:28:14 +0400
nuqneH, What's wrong with irc? It is a good communication tool. It is reasonable to deny DCC file transfers, though, and there should be no non-approved clients because of security bugs. Select one or two clients per platform that to be allowed in your office, deny DCC send/receive, inform users about dangers of installing custom scripts, maintain a list of allowed servers/networks, keep an eye on vulnerability database and i am pretty sure risk from using Outlook or IE is more important in this situation. Even "out of the box" irc is not more insecure than widely-used ICQ. I even encourage users to use corporate IRC server as generic messaging tool. It is far better than using ICQ (with mirabilis servers usually!) as _really many_ companies that have no own IM system do. On Tue, May 27, 2003 at 10:50:28PM -0400, Paul Robertson wrote:
That's a silly and mostly specious pre-requisite. For instance, most small office users have *no* need for IRC, and given that IRC is *the* major control vector for trojaned machines, why the heck would you allow it outbound from a small office? Nuke 6667/tcp outbound and you decrease the chance of being owned rather significantly, and you break less than 1/2 of 1% of SOHO users.
_ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Benefit of firewall over NAT-only 'protected' network Hugh Blandford (May 27)
- Re: Benefit of firewall over NAT-only 'protected' network Paul Robertson (May 27)
- Re: Benefit of firewall over NAT-only 'protected' network Tina Bird (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network Frank Knobbe (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network Chuck Swiger (May 30)
- Re: Benefit of firewall over NAT-only 'protected' network Frank Knobbe (May 31)
- Re: Benefit of firewall over NAT-only 'protected' network Tina Bird (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network Paul Robertson (May 27)
- Re: Benefit of firewall over NAT-only 'protected' network Hugh Blandford (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network Paul Robertson (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network Bill Royds (May 30)
- Re: Benefit of firewall over NAT-only 'protected' network Paul Robertson (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network ark (May 28)
- Re: Benefit of firewall over NAT-only 'protected' network Paul Robertson (May 28)
- <Possible follow-ups>
- Re: Benefit of firewall over NAT-only 'protected' network salgak (May 28)