On Fri, May 21, 2010 at 7:48 AM, Shawn Bakhtiar <[email protected]>wrote:
> I believe each of the points you both made, including OUTBOUND security to > prevent hackers from using a hacked machine on our network, are very valid > points. But I have yet to see gateway blocks actually reduce the number of > infections on my network, and when compared to the complexity it introduces > into the system, it is just not worth it. Complexity is your worst enemy. > When things are kept as simple as possible, in a time of crisis, they are > simple to figure out. > > It may not have happened on your network, but it's (filtering outbound traffic) saved our bacon several times over the years, especially back in the Code Red/Nimda days. And, in an educational setting (I work for a school district now), you definitely do not want to have wide-open Internet access for student computers. I would never violate a netizen's right by restricting his or her movements > on the internet. There's no such thing as "a netizen's right to use the Internet". > I believe a user should be able to use the machine assigned to them for > what ever purpose they choose, and it is my job to provide a reliable, safe, > and secure, environment for them to operate in. > > Wow, I want to work where you do. :) Everywhere I've worked, the computer has always been the property of the company, and is only provided as a convenience to do company work. The only apps installed are the ones required for doing your work, and the only approved activities are those that pertain to doing your work. It's not your personal PC to do with as you please. That sounds more like a home computer. :) -- Freddie Cash [email protected] _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
