Firewall Wizards mailing list archives
Re: i-cap proposals
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 22 Feb 2005 08:31:01 -0500 (EST)
On Sat, 19 Feb 2005, ArkanoiD wrote:
Because people need access to their personal mailboxes out in the internet from the workplace, and environtments fascist enough to prohibit them
There's a difference between "need" and "want." People also want to take things from the workplace that don't belong to them, but we don't allow that behavior.
from doing it are not that common at all. So there should be a way to minimize risks without being BOFH.
No- security is based on blocking. The less you allow, the less risk you assume. It's that simple. Every extra thing you allow increases your risk in an unquantifyable manner. When it's vectors like E-mail where there's a high attack rate, then you're increasing risk significantly, because we don't have good protections for Windows desktops for new malware. My take's always been that if you want to do personal e-mail, do it on your time, on your machine. If you can negotiate otherwise, fine, but the generic drooling desktop user doesn't get to play at work. My other take is that it works from most places simply because "Anything out, state or ACK back" is the sum total of most site's firewall rulesets. I've never been anywhere that had a real security policy where mail reader protocols were allowed to external systems. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- i-cap proposals ArkanoiD (Feb 11)
- RE: i-cap proposals lordchariot (Feb 12)
- Re: i-cap proposals ArkanoiD (Feb 14)
- Re: i-cap proposals Carson Gaspar (Feb 19)
- Re: i-cap proposals ArkanoiD (Feb 19)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 14)
- RE: i-cap proposals lordchariot (Feb 12)
- Re: i-cap proposals Julian Gomez (Feb 22)