Security of National Infrastructure

Michael.Dillon at Michael.Dillon at
Tue Jan 2 21:06:31 UTC 2007

>> Why is it that every company out there allows connections through their
>> firewalls to their web and mail infrastructure from countries that they
>> don't even do business in? Shouldn't it be our default to only allow US
>> based IP addresses and then allow others as needed? The only case I can
>> think of would be traveling folks that need to VPN or something, which
>> could be permitted in the Firewall, but WHY WIDE OPEN ACCESS? We still
>> seem to be in the wild west, but no-one has the b@lls to be brave and
>> block the unnecessary access.
> Please don't feed the troll...

All those meandering replies full of jokes,
puns, political comments and smart remarks
do feed the trolls. But a straightforward 
answer is not troll feeding.

The fact is that all those companies out
there are PUBLISHING information on their
web servers. In order to PUBLISH you must 
open access to arbitrary members of the 
PUBLIC. These companies also publish email
addresses and invite people to send them 
email. In order for this email to get through
they have to open their incoming mail servers
to anyone.

This does not mean that their mail infrastructure 
or web infrastructure is wide open. In most cases
only an HTTP load balancer and an incoming-only
SMTP server will be accessible directly.

If anyone knows of a significant number of companies
where this is not the case then I think you have 
found a potential market for some consultancy
services. Rather than whining on NANOG, it would be 
more productive to find a salesperson to help you 
get your foot in the door and fix the problems.

--Michael Dillon
