nanog mailing list archives
Re: Security of National Infrastructure
From: Jerry Pasker <jerry () jerry org>
Date: Fri, 29 Dec 2006 16:50:39 -0600
> Why is it that every company out there allows connections through their firewalls to their web and mail infrastructure from countries that they don't even do business in. Shouldn't it be our default to only allow US based IP addresses and then allow others as needed? The only case I can think of would be traveling folks that need to VPN or something, which could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still seem to be in the wild west, but no-one has the b@lls to be brave and block the unnecessary access.
Most people inherently know the answer to this, but I figure I might as well answer the question since it was asked.
It is the way it is, because the internet works when it's open by default, and closed off carefully. (blacklists, and the such) Would email have ever taken off if it were based on white lists of approved domains and or senders? Sure, it might make email better NOW (maybe?) but in the beginning?
Block the few bad apples, and generally allow everything else by default. (but allow it carefully) It works for the web, email, airport security, and society in general (mostly open, free... unless you're a Bad Guy Criminal Type).
No one is smart enough to be a central planner, and know where the bad is, all the time. And no one is smart enough to predict who/where the "good" is. That's why open by default (with careful security to screen out the "bad") generally works the best. Chase down the "bad", and assume (correctly so) that the rest is "good."
Same concept applies to why we have police that chase criminals, rather than just throwing everyone in prison by default and making them prove that they're worthy of being free.
-Jerry