nanog mailing list archives

Re: Synology Disk DS211J


From: Matthew Palmer <mpalmer () hezmatt org>
Date: Fri, 30 Sep 2011 16:18:44 +1000

On Thu, Sep 29, 2011 at 07:10:10PM -0700, Joel jaeggli wrote:
On 9/29/11 17:46 , Robert Bonomi wrote:
From: Nathan Eisenberg <nathan () atlasnetworks us>
Subject: RE: Synology Disk DS211J
Date: Thu, 29 Sep 2011 21:58:23 +0000

And this is why the prudent home admin runs a firewall device he or she 
can trust, and has a "default deny" rule in place even for outgoing 
connections.

- Matt



The prudent home admin has a default deny rule for outgoing HTTP to port 
80?  I doubt it.


No, the prudent and knowledgeable home admin does not have a default deny
rule just for outgoing HTTP to port 80.

He has a default deny rule for _everything_.  Every internal source address,
and every destination port.  Then he pokes holes in that 'deny everything'
for specific machines to make the kinds of external connections that _they_
need to make.

Tell me how that flies with the customers in your household...

Perfectly fine.  My users know not to go plugging random devices in, and I
properly configure the firewall to account for all legitimate traffic before
the device is commissioned.

- Matt
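
The policy described in this thread (deny everything outbound, then open holes per machine), sketched as an nftables ruleset. This is an added example, not part of the thread or written by any of its participants; the interface names, host addresses and allowed services are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name and address below is a placeholder.
flush ruleset

define LAN_IF   = "lan0"          # hypothetical inside interface
define WAN_IF   = "wan0"          # hypothetical outside interface
define NAS      = 192.168.1.20    # hypothetical NAS appliance
define DESKTOP  = 192.168.1.30    # hypothetical workstation
define RESOLVER = 192.0.2.53      # hypothetical upstream DNS resolver

table inet filter {
    chain forward {
        # Default deny: anything not matched below is dropped,
        # for every internal source address and every destination port.
        # IPv6 is dropped too, because the holes below match IPv4 only.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that one of the holes below permitted.
        ct state established,related accept
        ct state invalid drop

        # Hole for the NAS: time sync only. It gets no HTTP, so an
        # unexpected outbound connection to port 80 ends up in the log.
        iifname $LAN_IF oifname $WAN_IF ip saddr $NAS udp dport 123 accept

        # Holes for the workstation: DNS to one resolver, plus web.
        iifname $LAN_IF oifname $WAN_IF ip saddr $DESKTOP ip daddr $RESOLVER meta l4proto { tcp, udp } th dport 53 accept
        iifname $LAN_IF oifname $WAN_IF ip saddr $DESKTOP tcp dport { 80, 443 } accept

        # Everything else leaving the LAN: count it, log it, drop it.
        # A newly plugged-in device shows up here before it reaches anything.
        iifname $LAN_IF counter log prefix "egress-deny: " drop
    }
}
```

The log prefix makes denied outbound attempts easy to pick out of the kernel log, which is how a device making connections nobody configured gets noticed.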


