Synology Disk DS211J
mpalmer at hezmatt.org
Fri Sep 30 01:18:44 CDT 2011
On Thu, Sep 29, 2011 at 07:10:10PM -0700, Joel jaeggli wrote:
> On 9/29/11 17:46 , Robert Bonomi wrote:
> >> From: Nathan Eisenberg <nathan at atlasnetworks.us>
> >> Subject: RE: Synology Disk DS211J
> >> Date: Thu, 29 Sep 2011 21:58:23 +0000
> >>> And this is why the prudent home admin runs a firewall device he or she
> >>> can trust, and has a "default deny" rule in place even for outgoing
> >>> connections.
> >>> - Matt
> >> The prudent home admin has a default deny rule for outgoing HTTP to port
> >> 80? I doubt it.
> > No, the prudent nd knowledgable prudent home admin does not have default deny
> > rule just for outgoing HTTP to port 80.
> > He has a defult deny rule for _everything_. Every internal source address,
> > and every destination port. Then he pokes holes in that 'deny everything'
> > for specific machines to make the kinds of external connections that _they_
> > need to make.
> Tell me how that flys with the customers in your household...
Perfectly fine. My users know not to go plugging random devices in, and I
properly configure the firewall to account for all legitimate traffic before
the device is commissioned.
More information about the NANOG