tom brown wrote:
> > 3) Why would using access lists on a firewall be "less secure"
> > than not running access lists? For that matter, why would
> > anyone not use access lists on the router itself to keep
> > everyone in the world from connecting to it?
> >
>
> Absolutely no reason at all, these guys sound a bit stupid. If you have
> a drawbridge then use it!

My guess is the guy that did the installation really doesn't know much about it. He probably knows how he likes to do things and figures any other approach is not as good. The biggest problem that affects me directly is that his way of setting it up is predicated on the idea that anyone who needs to have access to the machine has physical access to it. I guess I'll install some software on it in two weeks (spring break) and if there are any problems, I'll take care of them later (May, August, or December).

> >
> > 4) Why would anyone allow finger to run on a router unless access
> > was sharply limited?
> >
>
> In the good old innocent days it was a useful service. These days it's
> asking for trouble.

Previously, I had blocked all access to the routers except from specific IP addresses. We never had anyone who needed access that didn't have it and we never had any traffic get to it that didn't need to get to it.

> >
> > 5) Am I correct in my guess that two DNS servers are running?
> > Is it possible for one DNS server to handle one kind of
> > query and another DNS server to handle another?
> >
>
> No idea, but given their approach to filters you might want to revert to
> what you trust.

My only option at this point is to sit back and let them handle it. When the original equipment was originally installed, there were some problems and I fixed them in spite of having been forbidden to do so. But my brother seems to think that since he's paying someone to take care of it, he must know what he's doing.

But I found out a long time ago that if something doesn't add up, then there is usually a very serious problem somewhere. My brother once told me that the company and the ISP is too small to be attractive to people trying to break in. It wasn't very long after that before someone did break in (from a dialup in France) and caused some significant damage. It could have been much, much worse. And, if I had been blocked from being able to deal with the break-in at the time, he might have had to close that division of the company for good. The next time, I suspect that will happen and I just don't understand why he can't understand that. I guess it's natural selection in progress.

Eric Johnson
