On Thu, 2002-11-07 at 20:33, tony tony wrote: > Hi, > > Our firewall group has came to me several times over the last few months > wanting my approval to open all of the �OUTBOUND� ports on our firewall facing > the internet. Their argument is that this would not significantly reduce our > security and it will reduce their time/effort in administration.
Bas idea... Lazyness is overcoming them, and your security will be the cost. What hapens when somebody opens up that pretty icon in their email, and they see a nice little animation, yet 31337 h4x0r (mmmhmm) takes remote control? Time to get a new firewall group ;) > They claim > they get several requests a week to open up out bound ports and the number > keeps growing each month. They want to go for the gusto�and open up all 65,000+ > outbound ports. Are they kidding? how many ports can the open? I know it's alot of work /initially/, but honestly, ask yourself that qeuestion. Once a firewall is properly configured, the maintenance is and should be minimal. > I am in the security area and they want my agreement/sign off before they do > this. It just does not �feel/smell right� but I am losing ground with my > arguments. What are some good arguments I can use? You're right, it doesn't smell right, how do you know someone internal has not planed something to take control remotely? In the end, your job could be on the line... if they can go above your head and get the approval, let them. But don't you approve it, unless of course, you can explain why you authorized something that costed the company "billions" of dollars. It's always billions... even in 50 people operations... ;) > Tony > > > __________________________________________________ > Do you Yahoo!? > U2 on LAUNCH - Exclusive greatest hits videos > http://launch.yahoo.com/u2
