hi ya dg
we dont allow any ppp/slip ... :-)
we dont allow dhcp either...
we dont allow wireless connection either..
we dont allow pop3/imap...
( pop3s ..maybe if they beg
( ie..the ceo types and know that it could be a big problem later
dont allow ---> no connections to any machine that i know about
nor is it configured to support it
but yeah... lots of whacky stuff people can do
to get their insecure stuff up and going...
stuff to bypass in-house policy... and i a machine breaks
as a result... they'd be in a heap-o-trouble
- last question they asked was...
- how do we make sure people dont upload/transfer stuff
from here to the competitors... :-)
- btw.. they all have laptops :-) they bring in and leave as
they feel like...
have fun firewalling
alvin
dumb question ...
- why is VPN needed ??? ssh seems to do everything i need
- if its (VPN) for network neighborhood to go browsing...
shoot it/kill it/stomp it (network neighborhood)...
On Wed, 27 Feb 2002 [EMAIL PROTECTED] wrote:
> On 27 Feb 2002, at 3:42, Alvin Oga wrote:
>
> > pptp is not secure enough....
> >
> > i tend NOT to allow vpn internally or from outside....
> > ( guess just me being nuts-o )
> > ( ssh-only... from inside or outside...
>
> Guess what: Any user who runs PPP over their SSH session has got a
> VPN going, one that you don't know about and can't police.
>
> DG
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
