Subject: | |
From: | |
Reply To: | [log in to unmask][log in to unmask] "If at first you don't succeed... Web : http://www.hp3000links.com Don't take up sky-diving !" "All your HP e3000 resources on the Net" (Mirror: http://www.users.totalise.co.uk/~jdunlop/index1.htm) * To join/leave the list, search archives, change list settings, * * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *44_26Sep200214:07: [log in to unmask] |
Date: | Tue, 24 Sep 2002 17:10:53 EDT |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hirsch Kenneth writes:
> Sletten Kenneth W KPWA wrote:
> > Wirt clears up what was obviously a misunderstanding on
> > my part; i.e.:
> >
> >>I'm sure that disallowance is only true for *inbound*
> >>telnet, ftp, etc. If you can at the moment telnet from
> >>your PC into our machines (try it: telnet to
> >>67.41.4.238), then you already have all the access
> >>you'll ever need.
>
> Not where I work. We have no outbound access except via proxy servers.
> Whether or not this is a good idea, it's increasingly common. The
> only protocol you should count on working is HTTP and by default you
> should use the settings from Internet Explorer.
Another person wrote me privately:
"I have seen customers with networks such that there is no
route form the internal IP Addresses to the internet, so it would require a
proxy server be set up somewhere to relay the packets. The most advanced
customers (ultra-secure networks) seem to be very similar to the most
primitive customers (no internet at all) in some ways."
I consider his last sentence to be the most important. I wrote back:
"In a very short sentence, that completely sums up my feeling about security
paranoia. The next step is disconnecting the power."
But I'll stand by my original thought: if an organization wants something
badly enough, they'll figure out how to do it. In the case of the appearance
of increasingly common license servers, only a very small hole has to be
punched in the outbound firewall, even if it has to be done by proxy.
Wirt Atmar
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|