On Wed, 20 Aug 2003, Sean Donelan wrote: : On Tue, 19 Aug 2003, Scott Weeks wrote: : > on the .pif, .scr, etc. attachments...) Maybe I was just lucky. Most : > likely, though, they did not create "security zones" to keep problems : > contained within certain network segments and not let them out to destroy : > other networks. : : Luck is very important. Yes, it is. <knock, knock> (on wood) : may have 100,000 users with identical configurations (software, patch : levels, etc) in one big flat network. A large homogeneous population is : vulnerable to a common infection. Nachia has a very effecient scanning I didn't mean to suggest the network was one large, flat network. It can be segmented and have no "security zones", it can be segmented and have said zones, and it could be a BAFN. (Big A$$ Flat Network) It's just security-wise the network should be cut into zones (which may or may not follow the L3 topology) that are controllable from a security stand point. From the article (the author's reputation is an unknown) it appears that this is not the case. I see above I hinted that the security zones followed the network segmentation and I didn't mean that. One security zone could have more than one network segment, etc. Like I need to tell you this... :-) However, I just wanted to clear the point that I fouled up. scott