Simeon Miteff wrote:
> Some years ago our network used to be fairly open/lightly firewalled (as
> I imagine most university networks were). Then some machines got hacked
> (*cough*windows*cough*), and then a decision was made to change the
> network to an Internet--->DMZ---->LAN type of setup. The LAN has
> transparent access to the DMZ, but not vice-versa.

I think we all remember CodeRed and SirCam. The lesson of these viruses was that it is important to firewall the ports that are used for LAN-related activities such as CIFS File and Print Sharing and SQL Server access. There was no justification for blocking everything by default.

Organizations that do so are making things extremely difficult to support federated authentication models let alone access to distributed computing infrastructures. The end result of these policies is that organizations simply tunnel more things over HTTP.

Now where can I find that RX over HTTP implementation? :-)

Jeffrey Altman
