firewall == network diaper, ranting in HTML
I've got to wonder about someone who posts a rant to nanog to begin with and I'll give you kudos for having the balls to format it in HTML as well. Below I included the text of the message sans large aqua font & other HTML 'enhancements'.

I think you rather missed my point - machines with incontinent TCP/IP stacks or incontinent applications should not be plugged in to the internet for server duty. It is just that simple. Unix has its occasional dribbles, Microsoft needs to be restrained and catheterized.

Cisco could make one giant leap for mankind by simply renaming the PIX Firewall to the PIX Network Diaper. It's a more truthful description of what those things do and it might just get the people who sign checks asking why applications straight out of preschool are being placed in the field with a MCWN+N (Microsoft Certified Wet Nurse + Nanny) to watch over them, when perfectly functional adult alternatives exist.

I'd really like to get down and roll in the muck with you guys, but I'm busy replacing M$ systems with FreeBSD 4.8 ...

----- Original Message -----
From: neal rauhauser 402-301-9555
To: Måns Nilsson; nanog@merit.edu
Sent: Wednesday, August 13, 2003 11:48 PM
Subject: Re: Port blocking last resort in fight against virus

Måns Nilsson wrote:
Firewalls are a patch to broken network application architecture. If your applications would have been properly designed, you would not have the need for firewalls. They are for perimeter defence only anyway.
Right on - if you can't plug a machine directly in to the internet and rely on its own defenses & well written code to keep it safe, why are you plugging it in at all?

Oh come ON! Let's be a little real about this. How many millions of "don't have a clue, don't want a clue" people do you know who want to get online and see porn or nice pictures in other countries on "THE" Internet as the clueless call internet? How many businesses do you suppose there are that connect through a "disk from an internet service provider" and have the ISP set up a web site FOR them from where they get emails through a mailto link? There are literally MILLIONS of machines that want to be on internet without a clue about protecting at all. If they all knew how to protect, YOU would be working in something else! Lord help me what an attitude!

When I was 17 and got my first car, I learned some about keeping it on the road but I found it didn't interest me too much and times and cars have changed since then. So, I get a mechanic to keep my car on the road and pay him. Don't tell me that anything you want to do even outside of computers at all you CAN do? Surely you rely on a mechanic to keep your car on the road. Maybe that mechanic is saying "If you can't keep your car on the road why are you driving at all?"

Honestly the attitude of some people in I.T. gives me the shits. I know a LOT of businesses that USE computers but don't make money out of selling or servicing them. Get real - we are the "mechanics" of the computer world and it is up to US to let our customers know the truth. Don't forget, there are a lot of people about who are OLDER than 40 and use computers. Those people can REMEMBER being frustrated with computers even though some of them know as much as YOU do now. 20 something year olds are too young to remember that frustration and they end up with YOUR attitude as a result! There will come a day when the attitude of I.T. security people needs to be friendly to earn money. Learn to be friendly now ahead of time!

Greg.