>Even if the list to allow was longer than the list to ban I would still prefer it. "Deny everything except what is specifically allowed" is inherently better security than "Allow everything except what is specifically denied."
In a company/corporate scenario, yes, deny by default is the best policy. But we must look at this from the perspective that Declude is used by many different organizations including education, government, corporate and service providers. Therefore, the configuration must be adaptable to all segments. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
