Timothy Sipples wrote: First thing first Timothy, many thanks for your posts on IBM-MAIN.
>Paul Gilmartin wrote: >>Firewall security rules. Their z system is not permitted to connect >>to ftp.cbttape.org. >Elardus Engelbrecht replied: >>Ok. Thanks. It seemed reasonable to me. >Are those rules "reasonable"? I don't assume that, having observed the common consequences of such rules in the real world. In many instances such rules dramatically *reduce* overall enterprise security as business people (naturally!) bypass the rules to get their (expletive deleted) jobs done. I agree that such rules could be actually 'counter productive'. I have 3 comments on your statements: 1. If we catch someone trying to bypass the security or download something from a forbidden site - we 'promote' them to the pavement. 2. At our work, if you can motivate it formally and properly (with business case of course), that external addresses are opened up by our network staff. 3. There is a business case reason why external sites **can be** forbidden - limited bandwith. >It is also theoretically possible to heave your mainframe into the Mariana Trench, too, allegedly in the name of "security." And to disconnect all your telephones. It doesn't mean that's "reasonable." Why not put it on Pluto? It should be far enough for hackers except HAL of course... ;-D Groete / Greetings Elardus Engelbrecht HAL - That little speaking and thinking (?) computer in a famous movie. ;-D ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
