-----Original Message-----
From: Mikael Olsson [mailto:[EMAIL PROTECTED]]
Sent: dinsdag 15 augustus 2000 15:14
To: Graham Wheeler
Cc: Andrew Lawrence; Firewalls (E-mail)
Subject: Re: Passive mode ftp
> Considering that inside users (processes, if you like) can always
> connect out through some means or another, I'd rather have my
> firewall concentrate on keeping external Bad Guys out, rather than
> attempting to concentrate on the futile task of keeping internal Bad
> Guys inside.
>
> ... but that's just my point of view, I guess ;)
I agree with you. The only way to keep Bad Guys in, is to have one rule in the firewall: Deny All
It is better to keep Bad Guys out with the firewall, attachment blocking in e-mail, virusscanning the e-mail and the desktop and train the users.
That makes $.04
Vincent de Lau
System Administrator / MSCE
