Microsoft to ship new versions with firewall enabled
JC Dill
nanog at vo.cnchost.com
Thu Aug 14 18:44:56 UTC 2003
At 10:00 AM 8/14/2003, Daniel Senie wrote:
>At 12:39 PM 8/14/2003, Matthew Watkins wrote:
>
>>Apple have the right idea... I'd say all the vendors need to take a
>>carefully balanced approach to security in the default configurations of
>>their software. Leave services exposed to the network disabled by default,
>>where possible.
>>
>>By all means, configure firewalls by default to block all non-established
>>incoming connections to low port numbers, but for heaven's sake don't also
>>block access to those ports from the local subnet as well.
>
>Define "local subnet."
>
>Go sit in a Starbucks and use Wifi. Is the person at the next table, or
>sitting on the bench outside with their laptop considered on the "local
>subnet?" Do you trust that person?
Hold on a second, and let me ask him. :-)
>This is just an example of how a policy like the one you suggest can be
>dangerous.
He said "What's a subnet?"
heh
jc
More information about the NANOG
mailing list