Hirsch Kenneth writes:

> Sletten Kenneth W KPWA wrote:
>  > Wirt clears up what was obviously a misunderstanding on
>  > my part;  i.e.:
>  >
>  >>I'm sure that disallowance is only true for *inbound*
>  >>telnet, ftp, etc. If you can at the moment telnet from
>  >>your PC into our machines (try it: telnet to
>  >>67.41.4.238), then you already have all the access
>  >>you'll ever need.
>
>  Not where I work.  We have no outbound access except via proxy servers.
>  Whether or not this is a good idea, it's increasingly common. The
>  only protocol you should count on working is HTTP and by default you
>  should use the settings from Internet Explorer.

Another person wrote me privately:

"I have seen customers with networks such that there is no
route form the internal IP Addresses to the internet, so it would require a
proxy server be set up somewhere to relay the packets. The most advanced
customers (ultra-secure networks) seem to be very similar to the most
primitive customers (no internet at all) in some ways."

I consider his last sentence to be the most important. I wrote back:

"In a very short sentence, that completely sums up my feeling about security
paranoia. The next step is disconnecting the power."

But I'll stand by my original thought: if an organization wants something
badly enough, they'll figure out how to do it. In the case of the appearance
of increasingly common license servers, only a very small hole has to be
punched in the outbound firewall, even if it has to be done by proxy.

Wirt Atmar

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *