Teredo and 'firewalls' (Re: Comcast enables 6to4 relays)

Jeroen Massar jeroen at unfix.org
Tue Aug 31 13:05:39 CDT 2010


On 2010-08-31 19:58, Nathan Eisenberg wrote:
>> The only thing you can do to help your users is to provide them with proper
>> education and to explain them to keep up to date and run the right tools and
>> not click anywhere they can.... and that is a mission which is near impossible.
> 
> I thought user education in threat management was long ago abandoned as a
> realistic defense mechanism.  Don't get me wrong, I loved my users when I
> was supporting a desktop fleet; but the key to their survival was always
> policy implementation through Active Directory; back in the day, blocking
> executable files in email prevented a lot more problems than training
users
> not to open them did.

When you control the hosts in your network then indeed that works quite
well and is most very likely the best approach, though it fails
miserably again when users don't want to be part of your control.

If you are an ISP then you don't control the hosts of your users and
then the only thing left is to educate... which is near impossible as
you state.

> Don't get me wrong, every little bit helps.  But when you consider
> your security with a scrutinous eye, you should always ignore the question
> 'how educated are my users'.  It's irrelevant.

As long as you check the PDF viewer version of the ladies at the HR
department ;)

Greets,
 Jeroen




More information about the NANOG mailing list