Firewall Wizards mailing list archives
Re: Benefit of firewall over NAT-only 'protected' networ k
From: Paul Robertson <proberts () patriot net>
Date: Thu, 29 May 2003 10:43:16 -0400 (EDT)
On Wed, 28 May 2003, Crispin Cowan wrote:
Some of the best real-time tech support for various open source software is available through public IRC channels:
Once again, the bulk of small office/home office users don't need this. [That was the original context, stretching the context to fit the answer you want is a no go at this station.] In fact, the bulk of corporate users don't need this. Given the number of trojaned hosts on botnets, it's just not a good thing to let IRC out except under the most controlled circumstances. When I IRC from work, I do it though a machine that's at a colo, not directly from my desktop, and I don't lose functionality, but neither does our firewall. It's not a game of "Can I possibly come up with a legitimate reason to use this service?" It's "Is this risk worth the company taking?" I again assert that for 99.9% of companies, the answer is "Heck no!" when it comes to IRC from the desktop- even in companies where IRC is a necessary part of the business. You don't *need* IRC to get support, and you don't *need* to allow access to #plug_my_product_here by default to every desktop in a corporation. You don't *need* 6667/tcp from the desktop to get on IRC either. Several hundred thousand trojaned machines are DDoSing, password guessing, and causing other mayhem _every_single_day_. That needs to be *fixed*, and firewall admins should be part of the solution, not part of the excuses for not doing better brigade. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Benefit of firewall over NAT-only 'protected' networ k Monkman, Brian (May 28)
- <Possible follow-ups>
- RE: Benefit of firewall over NAT-only 'protected' networ k Noonan, Wesley (May 28)
- Re: Benefit of firewall over NAT-only 'protected' networ k Crispin Cowan (May 29)
- Re: Benefit of firewall over NAT-only 'protected' networ k Paul Robertson (May 29)
- Re: Benefit of firewall over NAT-only 'protected' networ k Crispin Cowan (May 29)