Re: Level3 routing issues?

[Simon Lockhart <simonl () rd bbc co uk>]

On Mon Jan 27, 2003 at 04:16:00PM -0500, alex () yuriev com wrote:
> Again, but why does it talk to the outside world unsupervised?  Your
> organization clearly has a border that separates its internal systems from
> external ones. Why not apply those restrictions on *those* borders?

From inside the organisation to outside, yes, ish. Except all those SSL sites
on random port numbers. And other protocols which use random port numbers
(not just peer-to-peer, but also things like FTP, etc).

But, we were talking about end-user connected into the inside network using
a VPN. That user needs to have pretty much unfettered access to the
business parts of your internal network. (Okay, mission critical stuff
should be seperately firewalled, but MS makes that hard enough, due to
things like Active Directory, where everything needs to talk to everything).

Simon
-- 
Simon Lockhart             |   Tel: +44 (0)1628 407720  (BBC ext 37720)
Technology Manager         |   Fax: +44 (0)1628 407701  (BBC ext 37701)
BBC Internet Services      | Email: Simon.Lockhart () bbc co uk 
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK