On Sun, Apr 21, 2002 at 02:51:51AM -0400, Shawn McMahon wrote: > That probably works on a small network. Try it with several thousand > servers and 200,000 users, not counting internet customers. Or try it > with an ISP, where you can't control the configuration on ANY of the > users' computers.
You would firewall an ISP's network??? I would switch providers immediately if my ISP ever did such a thing. (note that I have no problem with them filtering specific ports for a limited time if they're causing specific damage.) As I've said previously today, I am responsible for the security of a high-profile network (i.e. constantly being scanned and/or actively attacked) with hundreds of users and *no firewall*. Security issues are few and far between, and not a single box under my direct control has ever been cracked. Users are welcome to put whatever they want on the network, but they're dealt with quickly if they present a security problem. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
pgprs3fF1OgF2.pgp
Description: PGP signature
