-----BEGIN PGP SIGNED MESSAGE-----

(Again no personal attacks: I respect what you guys have to say).


[Paul Said:]
Firewall?  DMZ?  What makes you think everybody has those?  How 'bout an
even more esoteric question?  Why do the tier 1 providers (like UUNET)
allow traffic on port 1434???
[/Paul]

Because it's not their call. I could write an EncryptoWidget for my company and have it 
using 1434/UDP - what right does my ISP or any other carrier have to decide what ports 
I can and can't use?

With an increasing amount of traffic moving over TCP port 80 (remote desktop control[1] 
and SSL VPNs[2], to name a few), conventional firewalling will surely become somewhat 
moot. We'll all be wrapping things up as MIME-encoded HTML (and wasting a whole load of 
bandwidth too) just to get through the firewall. I have actually seen products 
advertised as "can be used from any PC with a web browser so as to avoid internet 
firewalls".

We're just moving sideways if people think like this; security is a hindrance to be 
avoided. So yes, you are right about education and taking the initiative. If someone 
could only come up with that elusive formula that showed how increased security was 
directly proportional to management bonuses we'd be laughing :)

[Mark Said:]
It also shows how many companies could give two sh!ts about
patching and firewalling important boxes internally.
[/Mark]

Whilst contacting (read 'forcing') people to patch their SQL Servers once and for all 
or be thrown off the network, I constantly met with the same response: "but it's behind 
the firewall, isn't it?". This goes to show that even when people do recognise that 
security issues abound on today's Internet, they don't understand the nature and 
technicalities of exploits. They don't know that some traffic can traverse firewalls 
when it's not supposed to. They don't know about VPN connections to branch offices. 
They don't know about firewall interfaces, DMZs, etc., etc. As long as the port is 
blocked to the world then we're all safe.

[Mark Said:]
This goes FAR beyond forgetting to install a simple patch, I think
it shows just how many people out there have no port filtering
in place and probably check off "full install" on their windows
servers without a second thought.
[/Mark]

That's because they're all textbook MCSEs without an ounce of noodle between them (or 
they're developers: I swear without developers our network security would increase 
ten-fold) and are more interested in getting things to work than in security. After all, 
IT that isn't working is just a waste of money.

________
[1] http://www.webex.com
[2] http://www.nortelnetworks.com/products/01/alteon/sslvpn/

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wmAEARECACAFAj46rjIZHGZ1dHVyZXNob2tzQGh1c2htYWlsLmNvbQAKCRCz85xsvW2z
xZxgAKC2o1Wxe+EgrO0snDEtrCN7RUHfvACfbq+dEMbg+GXIHWzT5EHqoHijFL8=
=kGOH
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
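The "but it's behind the firewall" point above is easy to check against a firewall's own logs: the perimeter may well drop UDP/1434 (the SQL Server Resolution Service port) from the Internet while the same traffic is accepted from a branch-office VPN tunnel, a DMZ interface or another LAN segment. The script below is an added example, not part of the original post or of any product it names. The iptables-style syslog format, the interface names (ext0, vpn0, dmz0, lan0), the addresses and the log lines themselves are all constructed assumptions for illustration.

```python
"""
Audit constructed firewall log lines for UDP/1434 traffic and report which
path it took: dropped at the Internet-facing interface, accepted on some
other ingress interface (VPN, DMZ, LAN), or sent outward by an inside host.

Added example; the log format, interface roles and sample data are assumed.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: only ext0 faces the Internet; everything else is "inside".
EXTERNAL_IFACES = {"ext0"}
# RFC 1918 ranges are treated as internal address space for this check.
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
SSRS_PORT = 1434  # SQL Server Resolution Service, UDP

# Constructed sample log (iptables/netfilter-like syslog format, not real data).
SAMPLE_LOG = """\
Jan 25 05:31:02 fw kernel: ACCEPT IN=vpn0 OUT=lan0 SRC=10.7.0.23 DST=10.1.1.50 PROTO=UDP SPT=3021 DPT=1434 LEN=404
Jan 25 05:31:02 fw kernel: DROP IN=ext0 OUT= SRC=198.51.100.9 DST=203.0.113.5 PROTO=UDP SPT=4133 DPT=1434 LEN=404
Jan 25 05:31:03 fw kernel: ACCEPT IN=dmz0 OUT=lan0 SRC=192.168.100.4 DST=10.1.1.50 PROTO=UDP SPT=1901 DPT=1434 LEN=404
Jan 25 05:31:04 fw kernel: ACCEPT IN=lan0 OUT=lan0 SRC=10.1.2.17 DST=10.1.1.51 PROTO=UDP SPT=2256 DPT=1434 LEN=404
Jan 25 05:31:05 fw kernel: ACCEPT IN=ext0 OUT=dmz0 SRC=198.51.100.9 DST=192.168.100.4 PROTO=TCP SPT=50201 DPT=80 LEN=60
Jan 25 05:31:06 fw kernel: ACCEPT IN=lan0 OUT=ext0 SRC=10.1.1.50 DST=198.51.100.77 PROTO=UDP SPT=1434 DPT=1434 LEN=404
"""

LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP) IN=(?P<in>\S*) OUT=(?P<out>\S*) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["spt"] = int(rec["spt"])
    rec["dpt"] = int(rec["dpt"])
    return rec


def is_internal(addr):
    """True if the address falls inside the assumed internal ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def audit(log_text):
    """Summarise UDP/1434 flows by the path they took through the firewall."""
    accepted_by_iface = defaultdict(list)  # ingress iface -> [(src, dst), ...]
    perimeter_drops = 0                     # blocked "to the world", as expected
    outbound = []                           # inside host sending UDP/1434 outward
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "UDP" or rec["dpt"] != SSRS_PORT:
            continue
        if rec["action"] == "DROP":
            if rec["in"] in EXTERNAL_IFACES:
                perimeter_drops += 1
            continue
        # Accepted UDP/1434: either an inside host talking outward, or a flow
        # that reached an inside host through some ingress interface.
        if is_internal(rec["src"]) and not is_internal(rec["dst"]):
            outbound.append((rec["src"], rec["dst"]))
        else:
            accepted_by_iface[rec["in"]].append((rec["src"], rec["dst"]))
    # Every accepted path that is not the Internet-facing interface is a route
    # the "it's behind the firewall" argument does not account for.
    bypass_paths = {iface: flows for iface, flows in accepted_by_iface.items()
                    if iface not in EXTERNAL_IFACES}
    return {"perimeter_drops": perimeter_drops,
            "accepted_by_iface": dict(accepted_by_iface),
            "bypass_paths": bypass_paths,
            "outbound": outbound}


def report(summary):
    """Render the audit summary as a short plain-text report."""
    lines = [f"UDP/{SSRS_PORT} dropped at perimeter: {summary['perimeter_drops']}"]
    for iface, flows in sorted(summary["bypass_paths"].items()):
        for src, dst in flows:
            lines.append(f"accepted via {iface}: {src} -> {dst}")
    for src, dst in summary["outbound"]:
        lines.append(f"outbound from inside host: {src} -> {dst}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit(SAMPLE_LOG)))
```

On the constructed data the perimeter does its job (one drop on ext0), yet the same port is reached over the VPN, from the DMZ and across the LAN, and one inside SQL host is itself sending UDP/1434 outward, which is exactly the kind of thing "it's blocked to the world" never reveals. Against real logs, adjust LINE_RE and the interface roles to match the firewall in use.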
