Re: Security of National Infrastructure
--- shadow@geek-guy.com wrote: Why is it that every company out there allows connections through their firewalls to their web and mail infrastructure from countries that they don't even do business in. Shouldn't it be our default to only allow US based IP addresses and then allow others as needed? The only case I can think of would be traveling folks that need to VPN or something, which could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still seem to be in the wild west, but no-one has the b@lls to be braven and block the unnecessary access. ------------------------------------------------------------- Please don't feed the troll... scott
Why is it that every company out there allows connections through their firewalls to their web and mail infrastructure from countries that they don't even do business in. Shouldn't it be our default to only allow US based IP addresses and then allow others as needed? The only case I can think of would be traveling folks that need to VPN or something, which could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still seem to be in the wild west, but no-one has the b@lls to be braven and block the unnecessary access.
Please don't feed the troll...
All those meandering replies full of jokes, puns, political comments and smart remarks do feed the trolls. But a straightforward answer is not troll feeding. The fact is that all those companies out there are PUBLISHING information on their web servers. In order to PUBLISH you must open access to arbitrary members of the PUBLIC. These companies also publish email addresses and invite people to send them email. In order for this email to get through they have to open their incoming mail servers to anyone. This does not mean that their mail infrastructure or web infrastructure is wide open. In most cases only an HTTP load balancer and an incoming-only SMTP server will be accessible directly. If anyone knows of a significant number of companies where this is not the case then I think you have found a potential market for some consultancy services. Rather than whining on NANOG, it would be more productive to find a salesperson to help you get your foot in the door and fix the problems. --Michael Dillon
participants (2)
-
Michael.Dillonļ¼ btradianz.com
-
Scott Weeks