Joe Delsol wrote:
> What are the reasons against opening all port access to the internet
> from my internal users?
A whole bunch of reasons against opening this up have been proposed,
which are all valid.
One good reason *for* opening it up however is this:
1) Your users can get work done.
Security is a tradeoff - protect your network from abuse, and you at the
same time prevent it's use. A good idea is to take the middle ground -
nothing is allowed by default, but be liberal in allowing things where
they are necessary. Nothing is more frustrating as a user when a service
(like rsync, ssh, CVS, ftp, streaming media, etc etc) is not allowed and
no workaround exists to cater for it. The web != the internet.
Despite the huge potential the internet has for abuse by workers it's
also in my experience the most valuable work tool that I have. Be too
restrictive in your access control and you might as well not have access
at all.
Regards,
Graham
--
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
