On Wed, 28 Nov 2007, Paul Melson wrote:

> > With today's proliferation of Trojans and Spyware, anyone with a Windows
> > user population above three who has an allow-all default outbound policy
> > is an idiot and populations of one to three are likely candidates for
> > the club if not associate members.

> Sure, but as you and I both know, it's still a very common, if not the
> predominant firewall policy in the business world. And aside from
> Cisco/Linux nerds like us that roll our own at home, every home setup with a
> firewall is configured like this.

Unprotected inter-personal physical interaction is popular in African
countries with high AIDS rates too- that doesn't make it a good thing.

While I make a good bit of income from disinfecting systems, it's not how
I'd like to spend my time (though I'm happy to do it!) Anyway, it's not
really a "firewall policy" in any sense other than implementation- it's a
default configuration that shouldn't exist- but vendors would rather make
connectivity easy than make security or risk a known issue.

In any case, we need to (in a big way) repeat the "You're being stupid"
message when it's appropriate.

