(OK, let's try this again after I only sent it to Alex
the first time. Gotta do something about the way that
work is starting to get in the way of my paying attention
to other things...)
There are several benefits to taking Alex's advice:
1. It's more secure. A rogue JavaScript (for example) is less likely
to be able to send your confidential information somewhere that you
don't want it to go.
2. It allows you to keep better tabs on how your network is being
utilized.
3. You don't have to go through this every time some new protocol pops
up that you want to block.
Of course, the basic assumptions here are that you are administrating a
network where the primary function is to give the users what they
need to get their jobs done and that there are no issues with restricting
"fun" things in order to preserve bandwidth for "work" things.
If you have to let some of the "fun" things go through, then you may
find yourself having the opposite problem if you take this approach:
You'll be constantly searching for what ports the applications use so
that you can open them (as opposed to closing them). The good news
here is that all you have to do is enable alarms for the outbound
filters and the GNAT Box will tell you (for most reasonable protocols)
what you need to know.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Alex Howansky
Sent: Wednesday, March 01, 2000 12:15 PM
To: [EMAIL PROTECTED]
Subject: Re: Napster
----------------------------------
I think the easiest (and most secure) way to handle this problem is to
configure the firewall to deny all outbound traffic, then allow only those
few specific ports that you want. Configure PRO->EXT just like you would
EXT->PSN.
Remember, security and convenience are inversely proportional!
--
Alex Howansky
Wankwood Associates
http://www.wankwood.com/
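
An added example, not part of either message and not GNAT Box configuration or log syntax: a generic Python model of the approach discussed in this thread, with outbound traffic denied by default, a short allowlist of ports, and the denied flows ("alarms") summarized so the administrator can see which ports an application needed. The allowlist, addresses and ports are constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Flow(NamedTuple):
    src: str    # internal host
    dst: str    # external host
    proto: str  # "tcp" or "udp"
    dport: int  # destination port

# Assumed outbound allowlist: only what users need for work.
ALLOWED_OUTBOUND = {("tcp", 25), ("udp", 53), ("tcp", 80), ("tcp", 443)}

def evaluate(flow, allowed=ALLOWED_OUTBOUND):
    """Default deny: accept only flows whose (proto, port) is allowlisted."""
    return "accept" if (flow.proto, flow.dport) in allowed else "deny"

def run_filters(flows, allowed=ALLOWED_OUTBOUND):
    """Apply the policy; return (accepted flows, alarms for denied flows)."""
    accepted, alarms = [], []
    for f in flows:
        (accepted if evaluate(f, allowed) == "accept" else alarms).append(f)
    return accepted, alarms

def summarize_alarms(alarms):
    """Group alarms by (proto, port): hit count and internal sources,
    most frequent first, i.e. the ports something on the LAN wanted."""
    counts = Counter((f.proto, f.dport) for f in alarms)
    sources = {}
    for f in alarms:
        sources.setdefault((f.proto, f.dport), set()).add(f.src)
    return [(proto, port, n, sorted(sources[(proto, port)]))
            for (proto, port), n in counts.most_common()]

# Constructed sample traffic (RFC 1918 sources, RFC 5737 destinations).
SAMPLE_FLOWS = [
    Flow("192.168.1.10", "198.51.100.7", "tcp", 443),
    Flow("192.168.1.10", "203.0.113.5", "tcp", 8888),
    Flow("192.168.1.11", "203.0.113.5", "tcp", 8888),
    Flow("192.168.1.12", "198.51.100.9", "udp", 53),
    Flow("192.168.1.11", "203.0.113.20", "udp", 9999),
    Flow("192.168.1.10", "203.0.113.5", "tcp", 8888),
]

if __name__ == "__main__":
    _, alarms = run_filters(SAMPLE_FLOWS)
    for proto, port, hits, hosts in summarize_alarms(alarms):
        print(f"denied {proto}/{port}: {hits} hits from {', '.join(hosts)}")
```

Each summary line is a decision for the administrator: add the port to the allowlist if the traffic is wanted, or leave it denied.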