Thu, 12 Jul 2007, by [EMAIL PROTECTED]: > On Thursday 12 July 2007, Theo v. Werkhoven wrote: > > Of course, at $DAYJOB, I do /not/ let company PCs have unrestricted > > access to high ports on the outside, better safe than sorry with > > Windows PCs, dealing with company data and passwords etc... > > Really? > So something as simple as web browsing requires all sorts of > proxying, and every internet oriented package needs to be proxied > or SOCKSified?
No proxy, just a limited set of ports that I allow to connect to, like web, pop3(s), imap(s), vpn, ftp etc., and some special ports for accounting and airline reservation packages (but only to and from specific hosts). > Sounds like a make work project to me. Not really, in the logs I can see hundreds of attempts to ports on the outside being dropped every day, but unless it's really work-related, no-one complains if e.g. their internet-radio connection or other non-essential things do not work. With Shorewall it's a matter of minutes to add an ALLOW if needed, but that doesn't happen more than once in a (long) while. You'd be surpised with how little a normal company can do Internet-wise. > We have fairly old releases of MSIE running in hundreds of machines > each running a lightweight antivirus and SpyBot Search and Destroy. > Works. We focus on our work, rather than the weaknesses of the OS on our PCs. Theo -- Theo v. Werkhoven Registered Linux user# 99872 http://counter.li.org ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131 SUSE 10.2 + Jabber: [EMAIL PROTECTED] Kernel 2.6.18 + See headers for PGP/GPG info. Claimer: any email I receive will become my property. Disclaimers do not apply. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
