Archive of UserLand's first discussion group, started October 5, 1998.

Firewall stance and tunneling

Author:Ken MacLeod
Posted:5/5/2000; 3:10:56 PM
Topic:scriptingNews outline for 5/5/2000
Msg #:17019 (In response to 17013)
Prev/Next:17018 / 17020

To firewall admins (and site, network, host, and application security in general) there are two general policies that admins choose between:

Most universities and home users allow everything. Many organizations block everything. Many organizations block everything coming in but allow everything going out.

For whatever reasons, many sites that follow the "block everything" policy inexplicably change their stance to "allow everything" when it comes to SMTP or HTTP, they basically allow anything through. They do this by not implementing any filters on those connections and not monitoring them for unexpected usage.


In "Building Internet Firewalls" (Chapman and Zwicky; O'Reilly & Associates, Inc.) these stances are described:

Since I always have to think through that everytime I read it, I prefer the shorter more common descriptions above.




This page was archived on 6/13/2001; 4:55:05 PM.

© Copyright 1998-2001 UserLand Software, Inc.