On Thu, Sep 29, 2011 at 07:10:10PM -0700, Joel jaeggli wrote:
> On 9/29/11 17:46 , Robert Bonomi wrote:
> >> From: Nathan Eisenberg <nat...@atlasnetworks.us>
> >> Subject: RE: Synology Disk DS211J
> >> Date: Thu, 29 Sep 2011 21:58:23 +0000
> >>
> >>> And this is why the prudent home admin runs a firewall device he or she
> >>> can trust, and has a "default deny" rule in place even for outgoing
> >>> connections.
> >>>
> >>> - Matt
> >>>
> >>
> >> The prudent home admin has a default deny rule for outgoing HTTP to port
> >> 80? I doubt it.
> >>
> >
> > No, the prudent and knowledgeable prudent home admin does not have default
> > deny rule just for outgoing HTTP to port 80.
> >
> > He has a default deny rule for _everything_. Every internal source address,
> > and every destination port. Then he pokes holes in that 'deny everything'
> > for specific machines to make the kinds of external connections that _they_
> > need to make.
>
> Tell me how that flies with the customers in your household...

Perfectly fine. My users know not to go plugging random devices in, and I
properly configure the firewall to account for all legitimate traffic before
the device is commissioned.

- Matt
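
The policy discussed in this thread (deny every internal source and destination port, then open holes per machine), as an added example that is not part of the original messages. All addresses, device roles and flows are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Hole(NamedTuple):
    src: str     # internal source the hole applies to (host or CIDR)
    proto: str   # "tcp" or "udp"
    dport: int   # destination port on the outside
    note: str    # why the hole exists

# Constructed policy: holes are opened per machine, before commissioning.
HOLES = [
    Hole("192.168.1.10/32", "tcp", 80, "desktop: HTTP"),
    Hole("192.168.1.10/32", "tcp", 443, "desktop: HTTPS"),
    Hole("192.168.1.20/32", "tcp", 443, "NAS: updates over HTTPS"),
    Hole("192.168.1.20/32", "udp", 123, "NAS: NTP"),
]

def decide(src, proto, dport, holes=HOLES):
    """Return (verdict, reason); anything no hole matches is denied."""
    addr = ip_address(src)
    for h in holes:
        if addr in ip_network(h.src) and (proto, dport) == (h.proto, h.dport):
            return "allow", h.note
    return "deny", "default deny"

# Constructed outbound connection attempts seen at the firewall.
FLOWS = [
    ("192.168.1.10", "tcp", 80),   # desktop browsing
    ("192.168.1.20", "tcp", 80),   # NAS over plain HTTP: no hole for it
    ("192.168.1.20", "tcp", 443),  # NAS update check
    ("192.168.1.77", "tcp", 80),   # device that was never commissioned
    ("192.168.1.77", "udp", 123),  # same device, different port
]

def denied(flows=FLOWS):
    """Flows the default rule drops; these are the ones worth logging."""
    return [f for f in flows if decide(*f)[0] == "deny"]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, *decide(*flow))
```

The denied list is what the admin reviews: a known device reaching for a port it was never granted, or an address with no holes at all.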