Firewall Wizards mailing list archives

Re: Benefit of firewall over NAT-only 'protected' network


From: ark () eltex net
Date: Wed, 28 May 2003 13:28:14 +0400

nuqneH,

What's wrong with IRC? It is a good communication tool.
It is reasonable to deny DCC file transfers, though, and there should
be no non-approved clients because of security bugs. Select one or two
clients per platform to be allowed in your office, deny DCC
send/receive, inform users about the dangers of installing custom scripts,
maintain a list of allowed servers/networks, and keep an
eye on the vulnerability database. I am pretty sure the risk from using
Outlook or IE is more important in this situation.

Even "out of the box" IRC is not more insecure than widely-used ICQ.
I even encourage users to use a corporate IRC server as a generic
messaging tool. It is far better than using ICQ (with Mirabilis servers
usually!) as _really many_ companies that have no IM system of their own do.

On Tue, May 27, 2003 at 10:50:28PM -0400, Paul Robertson wrote:

> That's a silly and mostly specious pre-requisite.  For instance, most
> small office users have *no* need for IRC, and given that IRC is *the*
> major control vector for trojaned machines, why the heck would you allow it
> outbound from a small office?  Nuke 6667/tcp outbound and you decrease the
> chance of being owned rather significantly, and you break less than 1/2 of
> 1% of SOHO users.

 
                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
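
The policy described in this message (approved servers only, no DCC send/receive) written as a check over captured IRC lines. This is an added example, not part of the original post; the server name, sample lines and function names are constructed assumptions.

```python
import ipaddress
import re

# Hypothetical policy: the only IRC server clients may connect to (assumption).
ALLOWED_SERVERS = {"irc.corp.example"}

# A DCC offer is a CTCP message (wrapped in \x01) carried in a PRIVMSG:
#   PRIVMSG <nick> :\x01DCC SEND <file> <ipv4-as-integer> <port> [<size>]\x01
#   PRIVMSG <nick> :\x01DCC CHAT chat <ipv4-as-integer> <port>\x01
DCC_RE = re.compile(
    r'^(?::\S+ )?PRIVMSG (?P<target>\S+) :\x01DCC (?P<kind>SEND|CHAT) '
    r'(?P<arg>"[^"]*"|\S+) (?P<addr>\d+) (?P<port>\d+)(?: (?P<size>\d+))?\x01?\s*$'
)

def parse_dcc(line):
    """Return details of a DCC SEND/CHAT offer, or None for any other line."""
    m = DCC_RE.match(line)
    if not m:
        return None
    try:
        # The peer address travels as a decimal 32-bit integer, not dotted quad.
        ip = str(ipaddress.IPv4Address(int(m["addr"])))
    except ipaddress.AddressValueError:
        ip = "invalid"
    return {"kind": m["kind"], "target": m["target"],
            "file": m["arg"].strip('"'), "peer": f"{ip}:{m['port']}"}

def review(events):
    """events: (server_host, raw_irc_line) pairs. Returns policy findings."""
    findings = []
    for server, line in events:
        if server.lower() not in ALLOWED_SERVERS:
            findings.append(("unapproved-server", server))
        offer = parse_dcc(line)
        if offer:
            findings.append(("dcc-" + offer["kind"].lower(), offer["peer"]))
    return findings

# Constructed sample traffic (not real captures).
SAMPLE = [
    ("irc.corp.example", ":alice!a@host PRIVMSG #ops :build is green"),
    ("irc.corp.example",
     ":bob!b@host PRIVMSG alice :\x01DCC SEND report.zip 3232235777 5000 1024\x01"),
    ("irc.other.example", "PRIVMSG carol :\x01DCC CHAT chat 167772161 4000\x01"),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Only SEND and CHAT offers are matched here; other DCC subcommands use a different argument layout and would need their own patterns.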